[Default] On 19 Jun 2019 07:17:41 -0700, in bit.listserv.ibm-main kreiter_ibm-m...@twc.com (Chuck Kreiter) wrote:
>Really hard to feel bad for this company. > >1. Left a platform that worked well for year for something "shiny and new" >2. Apparently didnt test security after implementation or keep current on >fixes >3. Unless this is just a billing company, I have a hard time feeling sorry for >any "debt collector". At what level was the breach? If it was at the web server level, Apache,etc. then the same exposure may be on the mainframe. Many applications need to have access to entire databases. For example, the help desk you call at your bank because you have a problem with your account needs to have access to everybody's account and it takes a well thought out monitoring process to make sure the access is not abused. It is difficult to determine from the article at what level the breach occurred. It seems that the person switched to using the cloud to have access to new applications and thought he had checked out the security implications. Clark Morris > >-----Original Message----- >From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On >Behalf Of Mark Regan >Sent: Tuesday, June 18, 2019 8:25 PM >To: IBM-MAIN@LISTSERV.UA.EDU >Subject: Fwd: Cyber-Heist That Impacted Millions Bankrupts Medical Debt >Collector (Mainframe related) > >From the article: > >... >Fuchs said the company, which he founded in 1977, originally had its own IBM >mainframe that served AMCAs purposes well for many years. But changes in >technology (most notably, the shift to cloud computing) made it clear, he >said, that continued reliance on the office system would not be tenable in >the long term. > >"After years of planning, Fuchs wrote, the company moved its systems to a >cloud service provider in 2015. The company invested over a million dollars >on, among other precautions, the hiring of outside IT consultants to ensure >AMCAs data security protocols reflected current technological standards. >... > >https://gizmodo.com/massive-cyber-heist-bankrupts-medical-debt-collector-1835630684 > >Regards, > >Mark T. Regan, K8MTR >CTO1 USNR-Retired >Nationwide Insurance, Retired > >---------------------------------------------------------------------- >For IBM-MAIN subscribe / signoff / archive access instructions, send email to >lists...@listserv.ua.edu with the message: INFO IBM-MAIN > >---------------------------------------------------------------------- >For IBM-MAIN subscribe / signoff / archive access instructions, >send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
