I wouldn’t comment on the story, except for the fact that it is a classic clickbait. Of course, by the time it is going to be up online here on the blog, there would be no follow up and in the rapid news cycle- long forgotten.
Are doctors to be blamed for the “security” of the servers? Seriously? Who can understand doing a ssh in the server? Or using the multi-factor authentication using the RSA keys while hopping from one system to another?
Who understands open and closed ports, UDP/TCP or firewalls using PuTTy or other IP tables?
The dumb retards in TechCrunch have done it again by sensationalising the issues, rather than getting to the crux of the problem.
Deven McGraw, who was the top privacy official in the Health and Human Services’ enforcement arm — the Office of Civil Rights, said if security assistance was more available to smaller providers, the government could focus its enforcement efforts on providers that willfully ignore their security obligations.
“Government enforcement is important, as is guidance and support for lower resourced providers and easy-to-deploy solutions that are built into the technology,” said McGraw. “It may be too big of a problem for any single law enforcement agency to truly put a dent in.”