Major Data Breach Integris Health

[HillsideDesolate]

More likely just a inattentive employee who opens up a suspicious email and clicks a link to spyware/malware.

Or some end-of-life server OS that was never upgraded/replaced so it was vulnerable to security attacks.

I can honestly see it just being Integris milking patients for $50.

 

[BobbyV]

80 percent of it I'd say is outdated equipment on the edge of their networks meaning their firewalls, lately there has been such a flood of zero day attacks that it's hard to believe the manufacturers aren't doing this intentionally. An insider attack in the IT field wouldn't be as likely because of how much the IT community talks. You would be black balled quick after one suspected incident.

Yep. It's crazy how much facilities use networked medical equipment that they don't replace because of all of the FDA certifications and limitations on what they can use. I was in IT security for almost 10 years and most of the folks I worked for had no clue what I did or why I wouldn't give approval for anything and everything they wanted to add to the network.

 

[SoonerP226]

The problem is not so much the workstations that are offline only devices that cause the issue, its usually the ones sitting behind a desk with access to both the internet and the servers with sensitive data on them that cause the breaches.

That’s a very poor network design. Systems that can’t be updated should be isolated from everything else by the network architecture, especially from systems that have Internet access.

 

[Russ IT Guy]

What about almost every time you call CS it connects you to some place in BFE, India telling the person that barely speaks English all of your personal and account information? I'm sure it's not that since a lot of my spam emails are from a rich Indian prince relative that left me money.

Who would've ever thought there were so many Indian royalties that Americans derived from lmao

 

[Russ IT Guy]

Yep. It's crazy how much facilities use networked medical equipment that they don't replace because of all of the FDA certifications and limitations on what they can use. I was in IT security for almost 10 years and most of the folks I worked for had no clue what I did or why I wouldn't give approval for anything and everything they wanted to add to the network.

It's quite scary and infuriating honestly, I'm about 20yrs and rolling in the IT field but the company I work for supports about 160 companies across different industries. Doesn't seem to matter what industry it is, they will not upgrade their security until they get hit. It's like leaving your business unsecured because you think you're too small for a criminal to notice or don't think they would have the balls to do it, completely insane.

 

[Russ IT Guy]

That’s a very poor network design. Systems that can’t be updated should be isolated from everything else by the network architecture, especially from systems that have Internet access.

Myself being a security focused engineer I always push clients to a zero trust methodology, problem is that most do not want it or think it's just a sales pitch to get more money out of them

 

[BobbyV]

I'm about 20yrs and rolling in the IT field

I didn't start out in IT, but made the mistake of answering the phone one Friday in 1997 asking if I could restart a file server . . . it was all downhill from there.

 

[XYZ]

Just saw on the News4 there’s a class action lawsuit.

So if they got you check it out.

 

[commandcomm]

Just saw on the News4 there’s a class action lawsuit.

So if they got you check it out.

Lawyers will get a few million and I will get free credit monitoring for a year.

 

[THAT Gurl]

I didn't start out in IT, but made the mistake of answering the phone one Friday in 1997 asking if I could restart a file server . . . it was all downhill from there.

Lol ... That sounds like how I managed to wind up working for lawyers.