It’s been quite a ride. If you’re one of the few people who haven’t heard about this story, 37 millions people paid the website AshleyMadison.com (“AM”) to help them cheat on their spouses, and to store their credit card information, sexy selfies, kinky preferences, and detailed records of their cheating transactions on “secure” servers. Hackers stole all that “secure” data, threatening to make it all public unless AM closed. AM refused, of course. What do they care about user privacy when profits are at stake? Instead, they (very) weakly pretended to have the situation well in hand.
I provided background, my own humorous observations, and the implication for HIT security in: Kelly Rippa & I Have Some Sexy Fun Together Via the Internet:
Well, the situation has taken a dramatic and obvious new turn. As promised, the hackers have released all the scandalous data: all of it. Divorce lawyers and scandal TV producers are, I imagine, dancing in the streets and buying new private islands of their very own, anticipating all their new wealth: Hackers Release Details Of Ashley Madison Cheaters:
In addition, reports indicate that among the 37 million unfortunate cheaters, there have been thousands of military and government employees, using their official email to cheat and get caught. Oh my!
Ashley Madison hack is not only real, it’s worse than we thought: “The massive leak attributed to the hackers who rooted to the Ashley Madison dating website for cheaters has been confirmed to be genuine. As if that wasn’t bad enough, the 10 gigabytes of data—compressed, no less—is far more wide-ranging than almost anyone could have imagined… For what it’s worth, more than 15,000 of the e-mail addresses are hosted by US government and military servers using the .gov and .mil top-level domains.”
The implications are almost overwhelming. More than 15,000 military and government officials were lazy, clueless, irresponsible, and corrupt enough to use their official government accounts manage scandalous data about their extramarital affairs with a private company, directly from work!
Let that sink in, especially as the health care industry blithely and enthusiastically walks itself into a far greater hacker disaster. 37 million? Imagine HUNDREDS of millions: that’s what a unified health care data system offers hackers. That’s what the HIT mandarins insist we must have – only Ludites and Amish farmers have any doubts! – absolutely as soon as humanly possible. Everyone’s health and financial data, all in one juicy pool, positively begging every hacker on earth to steal it. To date, security efforts have shown no reliable ability to prevent it: data breaches have steadily marched forward over time, steadily bigger and deeper. Huge pools of data benefit corporations who use such “big data” for big profits. These corporations leave the risk, pain, and cost to all the countless people whose identities, credit, and privacy they help hackers to steal so they can make more money along the way.
Ponder it. Will we learn from experience? Can we? Are we humans or sheep?