by Charles Miller

Some time back, the owner of the small neighborhood gymnasium where I work out decided they needed to install an access-control system. I suppose it could be because the big fancy gyms have turnstiles they thought they should have one too... fire safety regulations be damned. This prompted me to have a conversation with the gym owner in which I explained that I had no objection to her having any information about me she needed to know; but the new turnstile, unlocked by fingerprint reader, required a connection to the internet and I objected to having some unknown manufacturer under the control of the Chinese Communist Party having my fingerprints and monitoring in real time when I come and go through their turnstile. She recognized my concern and we quickly found a solution. Even at my age I am still just agile enough to hop over the turnstile; so with the acquiescence of the gym owner, six days a week that is how I start my exercise routine.

Please do not accuse me of being a Luddite throwing sand into the machines at the textile mill. I provide my personal information where it is required by law, even while questioning the ability of those asking for it to keep that information safe from hackers. It is the ability of others to keep my personal data safe that I question. None of the people demanding my personal information ever seem to know anything about how that data will be protected or if old records are ever purged or with whom the information is shared or even why they need certain information in the first place.

Two months ago on February 21 a hacking group called ALPHV, also known as BlackCat ransomware group breached the databases at Change Healthcare, a division of UnitedHealth Group, leading to a massive loss of personal data and causing billing delays nationwide. Reportedly, Change Healthcare handles about 90% of all the insurance billing for pharmacies in the U.S plus many hospitals. Payments to many doctors and patient outcare facilities were also disrupted. Clearly the healthcare billing and data systems provided by Change Healthcare are a key node in the U.S. healthcare system.

UnitedHealth Group is the largest U.S. healthcare insurance company with revenues in 2023 of 359 billion dollars. The company has enjoyed greater than a 300% increase in revenues since 2010 thanks to Obamacare, and net profits in excess of $22 billion.

In an official statement, UnitedHealth Group admitted the company lost "files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America" (emphasis mine). This largest-ever cyberattack largely crippled the U.S. health care system. Large numbers of doctors, hospitals, and pharmacies are not receiving timely payments and they are feeling the pinch. As to how many individuals had their most sensitive and private data compromised, UnitedHealth has no comment.

Unofficially, the tech news sites have been abuzz with unconfirmed reports that UnitedHealth paid more than $20 million dollars ransom to the cybercrooks; UnitedHealth confirming nothing. But there is a twist. Apparently proving the old axiom that there is no honor among thieves, it is alleged that after paying the ransom, UnitedHealth still did not get their data back because the cybercrooks seem to be squabbling amongst themselves over dividing up the loot. And still no comment from UnitedHealth.

Clearly UnitedHealth has not done an adequate job of securing their customer’s data, and if this company cannot afford to pay for first-class security, who can? There will be no simple or easy answers as to what to do about that. My hope is that more people will now start to recognize how much of their personal information they are giving away to companies that cannot be trusted to store it securely. To keep your personal data safe you might need to be willing to jump through some hoops, or hop over a turnstile.

**************

Charles Miller is a freelance computer consultant with decades of IT experience and a Texan with a lifetime love for Mexico. The opinions expressed are his own. He may be contacted at 415-101-8528 or email FAQ8 (at) SMAguru.com.

Discover Lokkal:
Watch the two-minute video below.
Then, just below that, scroll down SMA's Community Wall.
Mission

Visit SMA's Social Network

Contact / Contactar