I am not posting this AC cause I dont care, you need to know..,.I just left the healthcare IT industry after 4 years...because security was a sham. It was up to me, the admin, to go on my own and secure everything. I had to do this after hours, on my on time, cause during the core business hours I had to do releases, stand up more servers, baby sit the dev's, fix customer SSO issues, etc. Developers run the web sites..dont believe me..well try to get Ruby devs to change the code ruby auto generates from "Select * from users" to only select the user. Try to make the DB not return a query formed like that. try to break the tables apart so when the code is trying to verify a user who is loggin in, the same row doesnt contain EVERYTHING about them.The devs shit bricks and bitch they cant meet schedule... cause THATS HOW RUBY WANTS IT (or java to some extent). and these are the devs on US soil. the ones in india dont really care, they get paid by the hour, a low amount, so why not argue over shit like this for weeks and miss schedule and drive up the cost(their income) I have worked for two large healthcare websites, that currently hold around 100+ million US users PHI data, and the systems are not as secure as they should be. If they were targeted, they would fold. I know because for some long periods of time i was the ONLY admin at these sites. when i try to lock some things down, ruby or java broke. The customer wants a new feature, by next week, then we did it. Customers like CVS pharmacy, Cigna, Humana. Not to mention the the majority of US companies are going towards a tele-health option for their employees. So when YOU get that letter in the mail saying you now havea tele-health option, guess what, we already have ALL your personal data, from your employer.. whether you choose to sign up or not. Im not saying telehealth is a bad idea, just that in today's society, profit drives everything, security is way down the list of priorities...and as these breaches continue to happen, remember it is not THE ADMINS fault...we can only do so much. yes this is Obamas fault, he is like the CEO. every CEO i have worked for has been more concerned with profit, schedule, capabilities then securing YOUR data.