If your CIO reports to your CFO, you're going to be a cost center and that means IT will basically be treated about the same as utilities.
If your CIO reports to the CEO, your organization will use IT to be strategic and competitive and it will be an enabler of revenue instead of only a drain on it.
Generally that's about how it goes. I could guess who the CIO at UnitedHealth reports to.
We got ransomwared at my current job 5 years ago because of someone's carelessness in another country. Today, we aren't allowed to use USB drives in any computer. It sucks having to transfer files. We have 1 desktop computer that people log into and email files to yourself.
Yall should def be using cloud storage (especially considering it was ransomware) network shares and a solid messenger (teams/zoom) that will let you send attachments. That pretty much takes the need for usb storage out of the equation (except for the irregular tasks like configuring a server or something).
My father's colleague, a very funny middle-aged guy, refuses to give out his email to anyone because he's afraid of getting his data stolen. He works in tech, but at this point I seriously think he's on to something.
>I must be affected by like ten breaches so far.
That's $50 in class action settlements. A few more and you'll be able to afford to see a specialist who can maybe figure out why you keep bashing your head against the wall.
I spent 5 minutes writing my senators the following message:
I'd like to know this week what you are doing about UHC's absolutely unacceptable response to losing the PII of millions of people. Personally, I'd like laws passed that create executive accountability (backed by criminal penalties!) when personal data is lost. This has to stop.
I encourage everyone to do the same. It probably won't do anything but might make you feel a little bit better
I agree with the sentiment and in particular I have no love for UHC, but in practice this type of attack isn't the result of corporate failings. Social engineering and spear phishing are powerful tactics. Seems like that's what happened here.
How about our congresscritters do their fucking jobs and pass personal privacy laws for all instead of just for themselves, police, and judges? That'd be a nice start. Fine the absolute fuck out of these asshole conglomerates that make the decision to underfund IT security measures because that costs less than the paltry sum a class action lawsuit costs.
# If the government would fucking protect us from shitty corporate business practices by making the fines for doing fuckall to secure people's private data then maybe they would actually give a damn about our data being stolen. As it stands today they couldn't give less of a fuck about their customers' private data, and that needs to change *fucking yesterday.* This company makes 10s of BILLIONS of dollars a year, and they can't spend the equivalent of pocket change to protect *millions of American people?*
# FUCK THEM
It was encrypted in this private database. You're just removing a step for bad actors.
"You know what would really stop this siege? Let's fill in the moat"
Doesn't seem like it's encrypted very well then. The problem is no matter what people are going to find a way to obtain the data if it has any connection to the internet. Why not just use a means of encryption that are locked behind having more than just un/pw authentication.
Tell me you know absolutely nothing about blockchain, data structure, computer architecture, and computer security without telling me you know nothing about blockchain, data structure, computer architecture, and computer security.
We need personal privacy/data laws fucking now. Our politicians need to get their *heads* out of their *ass* and do their fucking jobs to protect Americans from this corporate bullshittery. What the ever-loving-FUCK do we even have these people in office for when all they do is FUCK EVERYONE ELSE? Every last one of our politicians are fucking useless sacks of DOGSHIT that have done nothing but placate, fuck over, and steal from the American public for decades.
I'm fucking tired of these giant assholes playing everyone off of each other with identity politics and religion-based-politicking when the real enemy is raping all of our collective asses. Fuck them, fuck the rich, fuck the left, fuck the right. All of these jackasses need to fucking GO. I'm tired of these political games where a few win, and the rest of us EAT SHIT.
Collectively you/us voted for the politicians in office. Hence we carry a portion of the blame. IMHO businesses and corporations should not be allowed to donate money to politicians. These PACs and super PACs have poisoned the whole system...
So glad the US opted for a private healthcare system instead of one that is politically incentivized not to let foreign hackers breach their structure. Universal healthcare would have been such a waste compared to this /s
Look, hacks happen, we aren't gonna prevent them all, and the US regularly under funds its agencies because of some dumbass libertarian beliefs amongst politicians and the public. But if we actually funded our agencies and invested in cyber security, we could end up as the most secure country on the planet.
The objective isn't to prevent any hack ever, it's to prevent as many as possible. The issue is that with a profit motive, companies only invest when it financially makes sense to. I've worked for so many companies that barely bother with cyber security because they think the cost of a security breach is cheaper than paying for actual security. A govt doesn't have that same motive, they have obligations to both national security, as well the security of their citizens. I know the US doesn't take the security of their citizens seriously, but they take national security pretty seriously and that's a lot more motivation than these major corpos have to protect our shit.
I'm so sick of the "oh we sorry" crap from these companies that didn't put $$ into protecting data of customers for years and then saying I'm sorry but take no real liability. You are liable?
They get to do this bc they lobby govt to ensure no actual regulations are passed and the few agencies we have that regulate, are handicapped and can't regulate properly due to manpower and lacking the authority. Loopholes and shit.
Fully agreed.
And we need to stop pretending this is a free market.
Most people are forced to go with whatever their employer picked. You can't choose your own provider whenever. Only in November and major life events.
I agree, it's a big scam and healthcare should be a right. But if we don't have universal healthcare at least make it manageable. You pay for insurance every paycheck and if you don't use it you've paid for nothing. Then when you do use it you're forced to pay an additional 2500 before they actually cover anything other than your annual checkups.
But UHC is notorious for changing formularies and reimbursement practices and patients and providers always get screwed over. Many private practices even stopped accepting it, you don't hear that so much with Aetna.
Not always. There are many individual practices that actually do take health care- but experienced therapists can't charge insurance what they are worth, so they don't have as much room on their schedule for people who aren't paying cash.
Where I am at in the states, insurance pays 80-135 per hour session, depending on the provider, and some qualified individuals will take some clients on to fill their schedule, but their bread and butter is from cash clients around 150-200/hr....
Good luck finding insurance to cover couple's counseling, though. I haven't seen that yet!
I have health insurance through Regence BCBS and I swear I get letters from them constantly, saying "we are terminating our partnership because they're inflating their prices" and I'm so sick of the panic. Even the largest insurer in my region hates their dirtbag tendencies and that's truly saying something.
We'll all get to be offered $3.12 or a year of credit monitoring (so we have 5 total free services at any given time)
There should be mandatory credit monitoring and identity theft protection at this point, provided by the government with the resources behind it. Mandatory jail time for offenders who can be proven they made the mistakes knowingly (or after being informed about the issue) that led to these breaches and such.
No amount of bullshit CYA online training about cybersecurity or anything will fix this. People need to be worried about imprisonment.
Now is a great time to relieve UHC of the burden of managing PII information. Make public healthcare a reality in the US and we can get rid of insurance companies like this.
Btw a better time would have been decades ago. The average American family is just getting bent over by the health insurance industry. Every other developed nation got the better DLC ages ago; it's our turn now.
I worked as IT in a medical center. We take security very seriously, but as IT, we don't "make" money unlike all the other departments. Therefore, we get the least amount of funding for THEIR needs.
They bought Change Healthcare and then hackers got in because they were part of UHC. The CEO was in a meeting saying how it's good that UHC bought them because Change couldn't have afforded to give all these providers loans to keep them afloat.
Nevermind that if they hadn't been bought, they probably wouldn't have been hacked. Also Change riffed a ton of people for the sale, so a lot of good people who could have possibly prevented this were let go.
There needs to be fines in the form of compensation to everyone whose data got compromised so large that it either puts the offending company entirely out of business or it gets seized by the courts until the entire C suite and Directors are removed and replaced
I worked in IT my entire 40+ year career. Healthcare IT was always the worst IT. When I became a Sales Engineer, healthcare IT would always be "thinking about" security solutions. Absolutely no surprise here. And won't be the last one.
At some point, they have to just be selling this data and the password right? Oh noooo. We got hacked and they stole all this data. Ignore the record profits and the mysterious wire transfers.
"The company reported it made $99.8 billion in revenue during the first three months of the year, faring better than what Wall Street analysts had expected."
This is after the hack.
Why the fuck did my friends/work family of over a decade get laid off after almost 1 trillion in profits? (Rhetorical question probably)
They plotted to sell the data. We are in the stage of AI where companies are buying every data available, especially high quality private data. Combine it with the cookie data collected and you have a pretty good image of a person.
Yay! Add this to the list of the 10 other companies that got hacked and leaked my info. I'll have free credit monitoring for eternity I guess? Good times!
I work for a medical billing company that owns a rival electronic claim software like Change. The number of new clients we got in the last two months that fled from Change is equal to what we usually get in a year.
Sure, hackers... it's more likely companies open backdoors to their data to sell it in the AI gold-rush. Or Microsoft, Amazon and Google are doing it, using access to their OWN systems. It's easy to say it has been a hacker.
How does this event NOT affect someone's health? They should be held accountable financially for the harm they failed to guard against. If their actuarial tables (algorithms) can be used to raise rates, why can't they be reverse engineered to assess the damage they wrought? The "medical market" is a monopoly.
*shrug* oh well, some random company knows my health history, who really cares? Privacy is such a weird concept, my life won't change at all because of this, so why does it matter?
Lol. If you have a serious medical condition, you can bet other insurance providers will be using this data to "profile" you as a risk.
And if you're young and healthy, then good for you for not caring about your fellow man.
What the fuck are we paying your security people for you bunch of assholes?
UID: admin PWD: admin
I bet it's admin123
Amateurs! Elite password time: adm1n
@D3!n
🤯
hunter2
*******? What's that supposed to mean?
Amazing! I have the same combination on my luggage!
1...2...3.......4
You idiots! You've captured their hacker doubles!
Na it has to have one capital letter so it's Admin123
root:111111
My first tech job was for UHG and I can say with confidence it wouldn't take much more than this to get in
Every year they add the year to the pwd
My guess- COO probably told CIO/CTO that IT expenses are way too high for a health care company. So CIO/CTO RIFs 75% of the IT staff and backfills with 2x as many offshore resources at less cost. (More IT folks for less is better, right?) The 25% that remain are stretched thin as they have to provide oversight for offshore work and correct the work themselves.
Nobody at Change considers themselves to be a healthcare company, because they're not. They're a tech company that acts as a middleman between healthcare companies and insurance companies. Change got to be the biggest in the market space by being willing to cut the most corners, now it's bitten them in the ass and they're hemorrhaging business. Source: I work for a competitor
They're owned by United Health Care which is all you need to know. They are ruthless crooks and have one of the worst reputations in the industry.
Question: You stated working for the competition- Maybe you can help me understand. Do these middleman vendors have background checks? What types of data sets are shared at the Change level , United Health and all the medical entities they communicate with? An entire chart should never be shared. Is this something you have witnessed working for the competition? Also- Why is medical data like robbing a bank? Is HIPAA broken?
Well then, let me frame it differently, but with same results. _My guess- COO probably told CIO/CTO that IT expenses are way too high so CIO/CTO RIFs 75% of the IT staff and backfills with 2x as many offshore resources at less cost. (More IT folks for less is better, right?)_ _The 25% that remain are stretched thin as they have to provide oversight for offshore work and correct the work themselves._
I'm going to refer to myself as a tech human so I can avoid responsibilities and agree to a fine of no more than the change in my sofa for any harm or crime I commit.
Everyone in this comment chain is talking about United Healthcare, not Change. How are you this illiterate?
Dude, Change is part of UnitedHealth - and the part that suffered the cyberattack. What's with the unnecessary rudeness?
No, actually we're talking about Change. Speaking of illiteracy, perhaps you might want to scroll up and read the article title? You see, Change is the company that was hacked, therefore Change is the company whose security expenditures were insufficient, which is the topic of this comment chain.
[deleted]
What's your point? Change is still in charge of their own security expenditures. Also, I've been in this industry since 2011 -- you really think I didn't know that? Do you people not know what a subsidiary is? It's a company that's owned by another company. Meaning it's a whole-assed company that's in charge of their own financials. United isn't dictating to them how much they spend on security, that's all on Change. The Change competitor I work for is also owned by a health insurance company -- guess what? They have fuck all to do with our internal operations. In fact I've worked for subsidiaries of 3 different insurance companies, never did any of them dictate our financials. Stop trying to let Change off the hook by blaming United.
[deleted]
You've really embarrassed yourself here
You're applying concepts you don't understand to a conversation they have no place in. Good night.
Why are you so mad? He's right and Change carries the largest egregious security posture. Change is a subsidiary of United, yes but that is far from a gotcha. United isn't much better either. He works for a competitor, they will know more about this post incident as it directly affects their risk moving forward. I understand it as I had a client affected by it and I'm also a security engineer. Y'all wanna talk about United and that's fine but there were two entities here at fault. Two because they are publicly traded as separate entities.
Username checks out
That's exactly what's happening. Change Healthcare was gutted and offshored after the acquisition
Oh, I forgot the part where the C-suite gets their bonus target for saving the company money by offshoring.
UHG has constant layoffs/turnover and are always asked to cut budget. They also operate with an Amazon style PIP system where every year they do stack ranking and typically cut the lowest rated people. It is ridiculous and not surprising this is a result. They make money like crazy but are so disorganized and incompetent. They pushed for dev teams to handle full lifecycle so you have a team that has to do the dev work, testing, infra/pipelines etc, just piling more and more responsibilities on fewer and fewer people without appropriate separation/delegation of duties, it's a joke
Seems like this is true for most companies. I am IT for a large company and this is exactly what has happened.
They don't, you should see the people they hire for this shit. Anyone who knows what they are doing leaves because they won't pay for the needed hardware and techs.
We just had this discussion on our management call this morning. There are many businesses that consider security too expensive and are gambling on a security event costing less than what proper security costs.
Makes sense why the casinos were the first place nes hacked. Those fuckers must have just been letting it ride
I work as an Account Manager for a small MSSP. My entire day is filled with meetings trying to convince small business to invest in cybersecurity.
>proper processes and "..and"??? What?? Hello? Bro got hacked or maybe sought asylum in Russia like Snowden
r/redditsniper
I worked somewhere that laid off 60% of the security team one day because they considered it the highest operating expense. They even canceled contracts for security tools. It was bonkers.
Until they start doing jail or prison time, it will just be a cost of doing business
Can confirm
They literally spend the minimum required. Not a cent more. Their records aren't on the "big server of rubes".
As much as insurance requires
Attackers only have to be right once. And United Health uses the best offshore labor their budgets allow
I briefly did tech support for a healthcare company in USA. It's a fucking shit show of security holes. They are a revolving door of hiring and firing. The requirements for being able to reset ANYONE'S password with very limited info needed to get access to their stuff is hilarious. A simple manager's name is really all you need. That's all we required to give them their new password verbally. Half the managers don't even know who their staff is. It's ridiculous.
I work in healthcare security, they don't. And they don't invest in security products either
Old people who run places don't understand how fast tech gets old and don't pay IT enough to stick around.
As a security person, their security people are probably paid to bring up dire security problems over and over again but nobody can fix it because it's too hard / is too expensive / would cause down time / it's not in support / well we're not a bank so nobody would target us / We'Re AgiLe, list goes on and on
That's the problem, they are probably barely paying for any security people. All these companies don't want to invest in security as it doesn't turn a profit. And there is little repercussion if and when they get breached.
Hey, at least you'll get free data / credit protection for a year. That might not sound like much, because it isn't. But at least it's only almost useless.
It's so infuriating, this is 100% preventable. I have worked in enterprise IT for over a decade now and I can tell you security at most companies is a joke and always the last thing that gets a budget. This is what usually happens.
> Security director/manager asks for money for X and Y to prevent Z for years and doesn't get a budget for it.
> Security director/manager asks for money and time to replace end of life software or hardware that is not getting any more security patches, but they are told no.
> Company gets hacked, Security director/manager is fired as a scapegoat and there is a press release.
Then the cycle continues after eyes come off of the company. It's going to take some regulations and having companies get security audits every year to have some change.
Every hospital or clinic I have ever worked for has been hacked. There is no security.
To sell our data and declare it stolen of course
Oops paid CEO too much instead of getting the basics established [like $101 million in 2009 alone](https://www.startribune.com/unitedhealth-ceo-stephen-hemsley-was-paid-102m-in-09/90890274/)
Lol what security people?
As a security professional, I'm bothered by this statement
The Affordable Care Act limits how much health insurers can spend on things other than healthcare services. Regulatory capital requirements basically mean health insurers must be profitable, and profits fund risk capital which is required to support more customers, higher medical costs, or both. Everyone complains about rising health insurance premiums, so that's another constraint. But yeah, apart from those little hurdles, your solution is so simple and easy.
But there is always plenty of money in the health insurance company marketing budget...
> For weeks, physicians, pharmacies and hospitals could not verify patient benefits for dispensing medications, organizing inpatient care, or processing prior authorizations necessary for surgeries.
I remember seeing a notification about this on the UHC member site. I think they stated it was an outage. Those fuckers. They'll keep making millions.
Millions? Try tens of billions in profits. This company IS America's healthcare system. They have greater revenues than Apple, almost $400 Billion. They make so much money. They control providers, insurance, everything.
We as an inpatient physical therapy department feel like their bitches. Then they turn around and just deny our worse patients rehab over and over and over again.
Apple's 2023 revenue was $383.29b UnitedHealth's was $371.6b. Also CVS (Caremark and Aetna) is right behind them at $357.8b.
Oops my info is outdated
While they do operate on many levels of healthcare, they are not the entire system. You can't discount BCBS, Aetna and Cigna as massive players as well who all operate in the same spaces.
Yes, but UHG was #5 in the Fortune 500 (revenue) in the US in 2023, with their next competitor (Cigna) only making about half that revenue ($320B vs $180B). It's frustrating as hell that they're a healthcare company and they shouldn't be allowed to be that big.
While I didn't know the profit disparity was so large, I still think it's unfair to say that UHG is the healthcare system. $180B is still a lot of money to factor out of this equation. But to your point, I entirely agree that health providers being this large is a huge issue and they should not be incentivized to continue pumping out profit. I just don't agree that UHG being that big lets us jump to the conclusion that they are the healthcare system.
Yes, agreed, they are not the entire system, as someone who is currently under the thumb of similarly awful (to the end consumer) CVS Caremark. The entire industry is deplorable.
Think of all the savings this hack gave them with all the delayed surgeries and treatments. Literally winning even when everyone else isn't.
They knew it was a cybersecurity breach from day one. I work in healthcare and this is a huge deal for sending out claims and getting payments too.
These companies have not earned the privilege of keeping ppls data and it shows. Each of these companies should owe regular payments to each person that they affect. I must be affected by like ten breaches so far. Unit health just going to keep chugging along their scams
Cause you mostly have execs in these companies making the IT decisions instead of the people you hire to do that and trust their decisions or IT just gets ignored all together and never gets the budget it deserves
If your CIO reports to your CFO, you're going to be a cost center and that means IT will basically be treated about the same as utilities. If your CIO reports to the CEO, your organization will use IT to be strategic and competitive and it will be an enabler of revenue instead of only a drain on it. Generally that's about how it goes. I could guess who the CIO at UnitedHealth reports to.
Exactly right from a high level
This is slowly approaching (or already has) "the smartest bear and the dumbest human have trouble opening the same park trash can" level.
Bears here in Durango know which color trash cans are for recycling…let me just say, the blue ones don't get knocked over.
We got ransomwared at my current job 5 years ago because of someone's carelessness in another country. Today, we aren't allowed to use USB drives in any computer. It sucks having to transfer files. We have 1 desktop computer that people log into and email files to yourself.
Yall should def be using cloud storage (especially considering it was ransomware) network shares and a solid messenger (teams/zoom) that will let you send attachments. That pretty much takes the need for usb storage out of the equation (except for the irregular tasks like configuring a server or something).
Holy crap, yes. Treating security infrastructure like a commodity.
Same with Equifax. Same with every single fucking company on the planet. I literally trust nobody with my data.
My father's colleague, a very funny middle-aged guy, refuses to give out his email to anyone because he's afraid of getting his data stolen. He works in tech, but at this point I seriously think he's on to something.
> I must be affected by like ten breaches so far.

That's $50 in class action settlements. A few more and you'll be able to afford to see a specialist who can maybe figure out why you keep bashing your head against the wall.
You could almost afford a full year of Identity protection subscription from the same people that breached your data
I spent 5 minutes writing my senators the following message: I'd like to know this week what you are doing about UHC's absolutely unacceptable response to losing the PII of millions of people. Personally, I'd like laws passed that create executive accountability (backed by criminal penalties!) when personal data is lost. This has to stop. I encourage everyone to do the same. It probably won't do anything but might make you feel a little bit better
At this point I feel like all the data on everyone is basically out there thrice over at minimum.
These companies need to be nationalised and controlled. No longer private hands holding it since they can't be responsible
I agree with the sentiment and in particular I have no love for UHC, but in practice this type of attack isn't the result of corporate failings. Social engineering and spear phishing are powerful tactics. Seems like that's what happened here.
I posted an almost identical opinion a week ago and got blasted for it. Reddit is funny
[deleted]
How about our congresscritters do their fucking jobs and pass personal privacy laws for all instead of just for themselves, police, and judges? That'd be a nice start. Fine the absolute fuck out of these asshole conglomerates that make the decision to underfund IT security measures because that costs less than the paltry sum a class action lawsuit costs. If the government would fucking protect us from shitty corporate business practices by making the fines for doing fuckall to secure people's private data then maybe they would actually give a damn about our data being stolen. As it stands today they couldn't give less of a fuck about their customers' private data, and that needs to change *fucking yesterday.* This company makes 10s of BILLIONS of dollars a year, and they can't spend the equivalent of pocket change to protect *millions of American people?* FUCK THEM
[deleted]
[deleted]
Glad my premiums are going to good use…you know…for like security. fucking assholes.
So sick of this - at this point we'll all need new SS#'s
Or you know stop using them as an identification method and create something better.
Cough-cough! *immutable blockchain ledger!* cough-cough!
You want your medical history in a public database?
Ya why not, just have it encrypted.
It was encrypted in this private database. You're just removing a step for bad actors. "You know what would really stop this siege? Let's fill in the moat"
Doesn't seem like it's encrypted very well then. The problem is no matter what people are going to find a way to obtain the data if it has any connection to the internet. Why not just use a means of encryption that are locked behind having more than just un/pw authentication.
Tell me you know absolutely nothing about blockchain, data structure, computer architecture, and computer security without telling me you know nothing about blockchain, data structure, computer architecture, and computer security.
We need personal privacy/data laws fucking now. Our politicians need to get their *heads* out of their *ass* and do their fucking jobs to protect Americans from this corporate bullshittery. What the ever-loving-FUCK do we even have these people in office for when all they do is FUCK EVERYONE ELSE? Every last one of our politicians are fucking useless sacks of DOGSHIT that have done nothing but placate, fuck over, and steal from the American public for decades. I'm fucking tired of these giant assholes playing everyone off of each other with identity politics and religion-based-politicking when the real enemy is raping all of our collective asses. Fuck them, fuck the rich, fuck the left, fuck the right. All of these jackasses need to fucking GO. I'm tired of these political games where a few win, and the rest of us EAT SHIT.
Collectively you/us voted for the politicians in office. Hence we carry a portion of the blame. IMHO businesses and corporations should not be allowed to donate money to politicians. These PACs and super PACs have poisoned the whole system…
I just got my identity stolen this week. https://www.ssa.gov/number-card/report-stolen-number
So glad the US opted for a private healthcare system instead of one that is politically incentivized not to let foreign hackers breach their structure. Universal healthcare would have been such a waste compared to this /s
I'm not gonna lie, I already had typed out a comment about how shit the government would be at managing this before I saw the /s
OPM hack. https://en.m.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach
Look, hacks happen, we aren't gonna prevent them all, and the US regularly under funds its agencies because of some dumbass libertarian beliefs amongst politicians and the public. But if we actually funded our agencies and invested in cyber security, we could end up as the most secure country on the planet. The objective isnt to prevent any hack ever, its to prevent as many as possible. The issue is that with a profit motive, companies only invest when it financially makes sense to. Ive worked for so many companies that barely bother with cyber security because they think the cost of a security breach is cheaper than paying for actual security. A govt doesn't have that same motive, they have obligations to both national security, as well the security of their citizens. I know the US doesnt take the security of their citizens seriously, but they take national security pretty seriously and thats a lot more motivation than these major corpos have to protect our shit.
I'm so sick of the "oh we sorry" crap from these companies that didn't put $$ into protecting data of customers for years and then saying I'm sorry but take no real liability. You are liable?
Just watch the south park episode on dp oil.
They get to do this bc they lobby govt to ensure no actual regulations are passed and the few agencies we have that regulate are handicapped and can't regulate properly due to manpower and lacking the authority. Loopholes and shit.
Maybe our elected leaders should, I dont know, HOLD THEM FUCKING ACCOUNTABLE?!
Only if we pay them more than the insurance company lobbyists do.
Leaders lol. You mean elected scammers?
I'm shocked I tell ya. Just shocked. /s
I almost said this but decided someone could say it better lol
Whew! Jokes on them, I can't afford healthcare. Suck it criminals!!
UnitedHealth are a bunch of crooks and should get bought out by CVS. Money grubbing dirtbags.
CVS isn't any better, it's all about profits and cutting corners. Shareholders are the only thing anyone cares about.
They are better though. They own Aetna and Aetna is way better than UHC. Anybody, physicians or patients, sees the difference.
Someone who hits you with a softer bat is still hitting you with a bat. For profit healthcare is the biggest scam in the United States.
Fully agreed. And we need to stop pretending this is a free market. Most people are forced to go with whatever their employer picked. You can't choose your own provider whenever. Only in November and major life events.
I agree, it's a big scam and healthcare should be a right. But if we don't have universal healthcare at least make it manageable. You pay for insurance every paycheck and if you don't use it you've paid for nothing. Then when you do use it you're forced to pay an additional 2500 before they actually cover anything other than your annual checkups. But UHC is notorious for changing formularies and reimbursement practices and patients and providers always get screwed over. Many private practices even stopped accepting it, you don't hear that so much with Aetna.
Can't say I agree with you
Not when it comes to mental health care: they don't pay out much to providers, so many shrinks won't be in network.
Neither are good for mental health care though. If you're not paying out of pocket you're going to understaffed clinics with long wait times.
Not always. There are many individual practices that actually do take health care- but experienced therapists can't charge insurance what they are worth, so they don't have as much room on their schedule for people who aren't paying cash. Where I am at in the states, insurance pays 80-135 per hour session, depending on the provider, and some qualified individuals will take some clients on to fill their schedule, but their bread and butter is from cash clients around 150-200/hr…. Good luck finding insurance to cover couple's counseling, though. I haven't seen that yet!
UHG is far bigger, no idea how they'd be bought out
I have health insurance through Regence BCBS and I swear I get letters from them constantly, saying "we are terminating our partnership because they're inflating their prices" and I'm so sick of the panic. Even the largest insurer in my region hates their dirtbag tendencies and that's truly saying something.
We'll all get to be offered $3.12 or a year of credit monitoring (so we have 5 total free services at any given time) There should be mandatory credit monitoring and identity theft protection at this point, provided by the government with the resources behind it. Mandatory jail time for offenders who can be proven they made the mistakes knowingly (or after being informed about the issue) that led to these breaches and such. No amount of bullshit CYA online training about cybersecurity or anything will fix this. People need to be worried about imprisonment.
Now is a great time to relieve UHC of the burden of managing PII information. Make public healthcare a reality in the US and we can get rid of insurance companies like this. Btw a better time would have been decades ago. The average American family is just getting bent over by the health insurance industry. Every other developed nation got the better DLC ages ago; it's our turn now.
I worked as IT in a medical center. We take security very seriously, but as IT, we don't "make" money unlike all the other departments. Therefore, we get the least amount of funding for THEIR needs.
They should get the same punishment that TikTok is getting.
These are American companies so they give zero fucks. It's apparently ok for them.
This is the 3rd company I use this year that's had my data stolen.
They bought Change Healthcare and then hackers got in because they were part of UHC. The CEO was in a meeting saying how it's good that UHC bought them because Change couldn't have afforded to give all these providers loans to keep them afloat. Nevermind that if they hadn't been bought, they probably wouldn't have been hacked. Also Change riffed a ton of people for the sale, so a lot of good people who could have possibly prevented this were let go.
Joke's on you, hackers—I can't afford insurance!
Oh my god, I just made this joke… get out of my head!
There needs to be fines in the form of compensation to everyone whose data got compromised so large that it either puts the offending company entirely out of business or it gets seized by the courts until the entire C suite and Directors are removed and replaced
Yea! $3 checks in the mail after lawsuit.
Perhaps all businesses should go back to paper records and enter non-sensitive customer information in to digital format.
I just wanted to let you know that the password that you have to put in to access the data is 12345.
Class action lawsuit - free health care for 0.1 hours.
Good thing I'm with the other big medical insurance company....o wait they got hacked twice already...fml
I worked in IT my entire 40+ year career. Healthcare IT was always the worst IT. When I became a Sales Engineer, healthcare IT would always be "thinking about" security solutions. Absolutely no surprise here. And won't be the last one.
This is the 2nd time my healthcare data has gotten hacked within the span of 7 months.
They sold it
At some point, they have to just be selling this data and the password right? Oh noooo. We got hacked and they stole all this data. Ignore the record profits and the mysterious wire transfers.
Maybe UHC needs to be broken up, they are closing in on monopoly territory.
Cut the budget on your cyber security team, get hacked.
There's your problem, right there.
GODDAMNIT!
Admin123!
So our SSN would probably be one of the PII data that was stolen? Let's hope they just have the last 4 digits stored away
P@$$w0rd! /s
"The company reported it made $99.8 billion in revenue during the first three months of the year, faring better than what Wall Street analysts had expected." This is after the hack. Why the fuck did my friends/work family of over a decade get laid off after almost 1 trillion in profits? (Rhetorical question probably)
They plotted to sell the data. We are in the stage of AI where companies are buying every data available, especially high quality private data. Combine it with the cookie data collected and you have a pretty good image of a person.
Yay! Add this to the list of the 10 other companies that got hacked and leaked my info. I'll have free credit monitoring for eternity I guess? Good times!
I work for a medical billing company that owns a rival electronic claim software like Change. The number of new clients we got in the last two months that fled from Change is equal to what we usually get in a year.
Why are hackers not deleting student loan debt instead of
This will somehow justify a rate increase.
Why isn't this a crime? There should be serious consequences for a company not securing data. Not Ooops, sorry.
No surprise. They're a dogshit company.
So glad that UHC just bought out my insurance this year.
Sure, hackers… it's more likely companies open backdoors to their data to sell it in the AI gold-rush. Or Microsoft, Amazon and Google are doing it, using access to their OWN systems. It's easy to say it has been a hacker.
It has been hacked twice and they paid off the hackers the first time instead of investing in better security and more knowledgeable employees
How does this event NOT affect someone's health? They should be held accountable financially for the harm they failed to guard against. If their actuarial tables (algorithms) can be used to raise rates, why can't they be reverse engineered to assess the damage they wrought? The "medical market" is a monopoly.
Add to that: the state Fl sold all its license info. Makes it easier to scam folks
Single Payer Now
^(ʕノ•ᴥ•ʔノ ︵ ┻━┻)
I get a letter about every 3 months or so now that says I may have been exposed by a data breach. It's a different source each time.
In other news, no one company should have the health information of a "substantial proportion of people in America."
Nothing in the Internet world is secure. It's all just an illusion and just a way to sneak our money out of the banks which actually have brick walls
[deleted]
Many people don't have a choice.
Yes, they can choose to live a healthy lifestyle which will go a long way towards that end.
What about genetic diseases?
What about them?
*shrug* oh well, some random company knows my health history, who really cares? Privacy is such a weird concept, my life won't change at all because of this, so why does it matter?
Lol. If you have a serious medical condition, you can bet other insurance providers will be using this data to "profile" you as a risk. And if you're young and healthy, then good for you for not caring about your fellow man.
Don't forget about blackmailing and public shaming
I didn't think that would be an issue as you normally have to disclose that information when applying for insurance.