You're looking at one aspect of the budget. Non-labor expense is usually stuff like paying consulting firms, "cloud services," buying advertisements, paying for training, etc. Capital expense is where you typically book things like servers, enterprise software, storage, etc. So this could be a company that spends a ton of money on marketing crap, or it could just be a company that spends more on external advertising buys and focus studies than it does on sending IT guys to training and outsourcing business apps. Without looking at the total picture it's hard to say what they really invest in.
You say that you are "connected to" the network but you don't say what this relationship actually is. If you are hosted by the hospital (i.e. actually part of their network), then they may have an information security department who is checking all the hosts that are on their network. This may or may not be part of the contract, either as a service provided or something that is required by the contract or hosting arrangement.
If you are not actually part of their network or hosted by them, there may still be something in the contracts that says that they can do this sort of penetration testing with partner companies. It isn't the best idea to accept this as a contract term, but I have seen it requested before and it may have been in there with nobody to notice it.
I would say that whoever handles the arrangement with the hospital should probably talk with their counterpart on the hospital's side about this and learn more about why it is happening and what is done with the information.
With respect to the various posts that have/will happen about HIPAA, I would say that it's totally possible (and desirable) to have a proactive information security policy that can still comply with regulations. Proactive penetration testing is not prohibited.
That's not exactly the point. Sure, if a switch is sparking, then it is broken. The point of this gear is that it has been built such that if it breaks, it won't be able to emit dangerous sparks that might do something like cause an explosion in the presence of a buildup of gas or whatever. It still has to be replaced, just like the non-hardened switch, but it is less risky to deploy in an environment where such hazards might be present.
4 x 1TB drives, for a RAID 0 stripe.
How do you handle backing up the 4TB of data?
You have the same backup problem with a mishmash of drives that you cobble together on your own...
You don't even need junked-together tin can wi-fi. Assuming there is something in the air to talk to, you could probably just set up a satellite uplink/downlink and not need to worry about distance or anything. The technology for this is readily available and has been deployed all around the world.
The problem is that the government would probably not like this and is also probably very likely to find it and "deal with it" in the same way that they deal with any other communications channel they don't approve of.
And that's part of the point. Why would you want your radiology machines on any sort of main network, regardless of whether they can or can't be updated? There's no reason for them to be widely available and the technology to firewall it off is not expensive when compared to the cost of, say, a collection of medical imaging systems that will sit behind it.
I don't see how this translates to a conflict with net neutrality.
They aren't saying you can't use Usenet, that they are going to block it somehow or that you have to use their Usenet servers at a premium price. They're just saying they aren't going to host it and offer it as part of their service package.
Regardless of whether this is a nice thing to do or not, it doesn't have anything to do with net neutrality.
So the article basically says that they have a machine room with four somewhat standard racks. That's pretty small. Figure that at some point you'll need some network gear which will likely take up at least one of the racks (switches, patch panels to other areas of the building, routers/firewalls), hopefully some UPS gear, a few servers... four 48U racks doesn't go very far. And it only makes sense nowadays to have a couple larger servers hosting a bunch of virtual machines for mundane things. They would be wise to do that no matter what OS they run, and that more than anything is why you can cut down on the number of physical machines that are installed.
If you read it, you'll see that it's basically an explanation of what information they do and do not have, how their various properties work and what information they store, and how much it will cost an agency to have certain information requests addressed. It doesn't represent some sort of sinister pipeline of information directly from their users' keyboards to the "evil government." If anything it's useful to everyone because it shows exactly what they do and don't save, and it might act as a deterrent for the casual or clueless investigator who watches too much CSI and thinks sending a request off will instantly pinpoint the bad guy by backtracking his DNS through the GPS IP address of his netbook's MAC module or whatever.
That sort of disclosure is on almost every statement that is issued by companies that are regulated by the SEC or some other regulatory body. Go look at any company's annual report, quarterly SEC filings, etc. Even press releases might have that sort of language on it. You basically have to try to spell out everything that could possibly go wrong so that stupid investors who don't understand that every business carries potential risks don't sue you later.
...but I personally would not think it was acceptable for them to edit a resume without collaborating with the candidate. If they want to suggest changes and work with them, that's one thing, but changes without the candidate's knowledge are a totally different matter.
Also, from the interviewer's point, they probably don't have the time or interest to weed through "why" it's wrong. And yeah, they may check in the future, and if stuff does not line up you might be held accountable for it. So even from an interviewer's point of view, it creates a potential problem. I would find another recruiting firm if you think it is beneficial to use one (I don't, necessarily, but it depends on your career and the types of companies you are looking for).
P.S. To question 3 - the recruiter is not your friend.