Regarding the HC.gov hacking incident...
Yeah, yeah, I know; a test server for Healthcare.Gov was successfully hacked into recently; no sensitive data was stolen, but Security was Breached, etc etc etc.
No, I'm not shrugging the incident off. I'm the one who called Hawaii's state exchange website out for taking over a week to resolve their own Heartbleed SSL vulnerability last spring. Yes, security is very important, especially with personal financial, medical and citizenship data. Hopefully the HHS techies are eliminating vulnerabilities, beefing up security and so forth.
I'm swamped with my day job at the moment, so I don't have a whole lot to add to the discussion at the moment...
HOWEVER, this line from GOP Rep. Diane Black in Avik Roy's latest ACA attack at Forbes.com literally made me laugh out loud:
Rep. Diane Black (R., Tenn.), who has been on top of this problem for a long time, warned in January in these pages that “the dangerous reality is that when it comes to protecting Americans’ personal information from data breaches and hacks, the federal exchange is not playing by the same rules as private businesses.”
I was going to run a bunch of Google searches to bring up a list of private business data breaches and hacks of Americans' personal information, but thankfully, an enterprising journalist has already done so for me.
In fact, they did this just 2 days ago.
In fact, they posted the list...at Forbes.com:
Home Depot – Home Depot may be the latest in what is becoming an increasingly long list of retailers hit with credit card breaches this year, Brian Krebs reported on Tuesday. Some banks say the breach extends back to late April or early May 2014. If this is true, the Home Depot breach could end up being much larger than the now-infamous Target breach....
iCloud – After nude celebrity photos were leaked over the weekend—allegedly from celebrity iCloud accounts—Apple issued a statement on Tuesday...
JP Morgan Chase – Last week, the FBI announced that it was investigating a cyber attack against JP Morgan Chase and other banks...While the attack may have begun months ago...
Dairy Queen – Last week, Brian Krebs reported that Dairy Queen might have been hit with a credit card breach...While Dairy Queen originally claimed no knowledge of the breach, the company eventually admitted that “customer data at a small number of stores may be at risk.”...
Racing Post – Nearly 700,000 UK customers were affected by a breach to a daily newspaper covering horses and racing... 677,000 customers’ names and passwords were leaked after an SQL injection attack in November 2013. The ICO sharply criticized Racing Post for its security, saying that the newspaper had taken “no steps to keep abreast of security developments”...
OTTO Pizzeria – Nine hundred people who just wanted a slice of pizza from OTTO Pizzeria in Portland, Maine, have now been notified that their information may have been compromised in a data breach...the breach was a result of malware installed on credit card terminals between May 1 and August 13, 2014. In an FAQ, OTTO’s asked a question on many people’s minds after hearing about a breach: “Why did it take over two months to discover the breach?”...
Oh, and in case it has to be medical info before it "counts" for some reason...
Cedars-Sinai Health Systems – An unencrypted laptop—which violated Cedars-Sinai Health Systems device policy—was stolen from the home of an employee last week, exposing more than 500 patients’ Social Security numbers. According to Cedars-Sinai, some patient information may have been stored in temporary files on the hard drive of the laptop, which the employee brought home to do additional work....
You were saying, Avik?
Oh, since I've reposted an unusually large amount of her article, it behooves me to give a shout-out to Forbes' Cybersecurity reporter, Kate Vinton.