by tyre 94 days ago
This wouldn’t have solved the largest one, Change Healthcare. They are an insurance claims exchange. They have to have all of this data.

The breach was social engineering of a customer support rep.

Having worked with them, they’re absolutely necessary for healthcare (in its current form; don’t get me started) to function. The alternative is integrating with hundreds of payers (won’t happen) or doing it by fax/mail (disaster).

1 comments

I would say that if it is possible to exfiltrate 193 M sensitive records through a social engineering attack on one customer support rep, then there are multiple failure points that they and other businesses need to address:

- better security training for employees

- don't store 193 M sensitive records in such a way that one social-engineering attack gives you access to all of them

- don't store 193 M sensitive records without appropriate encryption, and make it hard to steal both the records and the decryption mechanism.