
Comment Re:Odd material selection (Score 1) 162

Curiosity does have a bunch of 'nylon tie' like objects on the top of the rover, holding bundles of cables together. Wonder what they're made out of. A quick search found lots of documentation on exactly how to run the cables (fun factoid - they still use knots on cord) but not much on what the stuff was made out of.

Comment Re:Duration??? (Score 1) 162

No, what this actually says is that mission goals of a specific time are a nebulous, silly concept that is foisted off on the Power Point People because it's simpler than explaining complex physics and material sciences. It avoids icky concepts like engineering trade-offs, probabilities, risk ratios and mathematical feats more complicated than 'next slide'.

Comment Re:Access restrictions (Score 1) 89

We also don't know WHERE this router was. Community has 200 hospitals. That's a lot of routers. You don't upgrade everything at once, especially in a network that is running 24 x 7. Hell, I wonder how many companies with 200 sites even know where all of their routers are.

It could well have been hidden in a file cabinet in a disused lavatory.

Comment Re:It's not like they've had 5 months to fix it... (Score 1) 89

Yeah, the big problem was when they tried to bill for it. The router realized it didn't have good insurance (Community didn't renew the service contract) and so it panicked and tried to muck with the billing program (since the data had to run through the router anyway). It got confused about billing codes (there probably is an ICD 10 code for this, but we're not going to 10 for another year), opened a port to talk to another router and, just like a naked Windows 95 box, got pwned.

Comment Re:It's not like they've had 5 months to fix it... (Score 2) 89

It's a bit more complex than that. First of all, network security IS important. It's just hard. As countless Slashdot 'discussions' have shown. Even if you are a big player like Community you're probably busy running around putting out fires most of the time. Community is big enough that they probably have a dedicated network security team. Somewhere. But they have something like 200 hospitals. And I can guarantee you that they're on different platforms running different software managed by persons of differing abilities.

When you have a breach like this, you don't just go "Eureka! I've found it!". You start out with "what the fuck...." You call somebody else. Who calls somebody else. Who calls the feds. Somebody else calls corporate legal.

Now you have a real problem. You have at least one committee.

And we all know how well this scenario turns out...

Comment Re:Time for medicare for all in the usa (Score 2) 171

Ah, no. It has helped. Somewhat. Mostly it's shuffled the deck a bit. Still a whole bunch of people with essentially no way to pay for healthcare. The ACA was never designed to completely solve the problem, only improve it. And improve it a bit it has, with quite a bit of collateral damage.

The really sad part about the ACA is that the big winners were the insurance companies. They had to suck up and drop the pre-existing conditions clause and had to allow for children to stay on their parents' insurance until age 26, but they got 5 years of near uncontrolled price increases and lots and lots of paybacks from the feds.

Score: US citizens 1, US Government 0, Insurance Industry 10, Big Pharma 4.

Oh, and the lawyers, they always seem to win extra points all the time.....

Comment I'm not so sure.... (Score 5, Insightful) 171

The thesis is that you can waltz into a doctor's office AND a hospital with faked records and get the treatment needed. Basically the important bit is the insurance info - what has happened to "you" is less important than what you want to eventually happen to you (in the example given, a heart transplant).

I kinda doubt this, at least in a general sense. First off, you can show all the insurance cards and 'insurance info' to the medical provider all you want. The provider is going to query the insurance company before doing anything expensive. Fine, you say, call them all you want, the 'patient' is insured (it's just not the right patient). Now comes the hard part. The minute that the insurance company starts getting claims from both Peoria and Trenton, NJ, flags are going to go up. Other old records would be sought (for something big like a transplant or joint replacement) which would likely not match.

Anything remotely resembling a heart transplant is going to fall apart unless both the real and fake patient have nearly identical physiques, ages and problems. More routine issues could go undetected for a while but persistent discrepancies would show up and as soon as the insurance company flagged the claim as problematic, big ticket items would be placed on hold until things got cleared up. When I worked in an early Medicaid HMO in the 1980s we had some problems with folks 'sharing' the Medicaid ID card (no picture, just a printout basically). It was pretty obvious when the patient's weight varied 30 pounds every other week. We soon insisted on photo ID.

And, in fact, the feds also insist on photo ID these days. Yes, if you're bleeding out we don't ask for it up front but as soon as your blood pressure normalizes we're poking around to figure out just who you are.

So it's possible that full-on medical records might be of value, but it's going to be much harder to monetize than a credit card number and likely would be of limited use. That doesn't mean that the information shouldn't be sealed up, of course. I'm just not sure how big a deal this is. And, in the case of the Community breach, they apparently did not get that information anyway.

Comment Re:Highly sophisticated malware used to attack sys (Score 1) 111

"..ICE patterns formed and reformed on the screen as he probed for gaps, skirted the most obvious traps, and mapped the route he'd take through Sense/Net's ICE. It was good ICE. Wonderful ICE... ...His program had reached the fifth gate. He watched as his icebreaker strobed and shifted in front of him, only faintly aware of his hands playing across the deck, making minor adjustments. Translucent planes of color shuffled like a trick deck. Take a card, he thought, any card.

The gate blurred past. He laughed. The Sense/Net ice had accepted his entry as a routine transfer from the consortium's Los Angeles complex. He was inside. Behind him, viral subprograms peeled off, meshing with the gate's code fabric, ready to deflect the real Los Angeles data when it arrived."

William Gibson

Comment Re:why internet connected? (Score 1) 111

This is most likely billing info. Until healthcare is free, you're going to have billing info. No way around it. The clinical info isn't really useful to your common crook - hard to make a buck out of knowing who has herpes since the pharmaceutical companies have already gleaned that information by paying your local pharmacist to tell them (legal and lucrative).

So, it's the old name, rank and social security number routine.

Comment Re:why internet connected? (Score 2) 111

What were such systems doing connected to the public internet?

You reap what you sow. Put a system on the internet that is a big enough target, and it WILL be owned. The safe approach is physical separation coupled with careful local access control to prevent USB-style attacks (though with physical separation it is hard for them to phone home again).

They weren't on the 'public' Internet. They got hacked. Why was this stuff even on the network? Excellent question. The quick answer is that the hospital would like to get paid. So they have to create claims. Claims these days are electronic, little to no paper. The claims have to be sent from the hospital to the insurance companies -- through a network. And that network is .... the Internet.

Yes, hospitals could just go back to point to point dialup but that's not very convenient. They most likely had firewalls and other fancy things to prevent this sort of thing from happening but got caught either misconfiguring something or more likely, fooled some witless employee into divulging something they shouldn't have. And before you get all high and mighty about this sort of thing, stop and reflect that the next witless employee might well turn out to be you.
