[jart]

Reuters said, "[t]he problems began last week after hackers gained access to Change Healthcare's information technology systems [...]" so it was probably because some airhead gave their login to the hacker over the phone. Social engineering accounts for 98% of all cyber-attacks. Highly intelligent people who are only accustomed to employing software don't understand this, because the only thing they're afraid of is their software getting exploited.

[rolandog]

My money is on some un-upgraded backend/frontend stuff due to "compatibility" and/or lack of budget to hire people to keep things patched and up-to-date.

[15457345234]

Blah, when it comes to a target that large, hackers will insert a contractor into the role who can secure the relevant credentials.

This is another reason the remote-work scenario is such an issue - it's so trivial when large numbers of people are working remotely to gain access to secure systems.

[bradleyjg]

Why are we shipping software that’s hard on the outside and soft on the inside? We know our customers have employees that will be socially engineered. Heck, let’s not be smug, “we” have employees that will be too.

[TeMPOraL]

> software that’s hard on the outside and soft on the inside

So are tanks. And so are humans.

Security is opposite to usefulness. If you harden your system thoroughly to the limit of possibility, it becomes a rock. Systems are made to do something, so some parts need to actually do that thing.

[bradleyjg]

The software in question is currently doing nothing.