301M Records Exposed: The HIPAA Breach Epidemic
adulion
55 points
36 comments
March 13, 2026
Discussion Highlights (6 comments)
philipwhiuk
1. What a wildly capitalist take on the loss of confidentiality for personnel data.
2. If you get breached, you have a problem. If everyone gets breached it starts to look more like cost-of-business (and that might be cheaper than a cyber firm that doesn't actually fix the problem [but looks good on audits])
3. I wonder if the breached data is entering AI corpuses. Will I be able to ask OpenAI "Does Joe Bloggs, 75 Penn Ave NY have any underlying health conditions I should know about?"
righthand
Well at least the leaks and irresponsibility have hit the HIPAA level, maybe now some old people will take it seriously? Or will the fallout continue to be normalization of data leaks like the morons in the federal government did for credit reporting agencies?
quercusa
The attack on Stryker used Microsoft Intune to remote-wipe all of Stryker's systems. If you can wipe a system, could you also drop code on it to exfiltrate data and credentials?
[0] https://news.ycombinator.com/item?id=47346091
jawns
Wait, the main takeaway from this article is that cybersecurity sales teams now have great leads? Facepalm. The real takeaway should be that at every level -- government, corporate, healthcare entities, personal -- we need to rethink how we're acting in the face of these disasters. Government should recognize that its current regulations are insufficient and look for ways to refine them. Corporations and health-care entities should be asking themselves, "Do I really need to store this data? If so, how do I store it securely, make my systems less vulnerable to attack, make my personnel more informed about phishing, store it for the minimum amount of time, etc." And we as individuals should be asking ourselves whether so many health-care entities need to store so much data about us.
roywiggins
ai; dr
> This isn't a single point of failure - it's a systemic crisis.
> One in seven breaches isn't a sophisticated external attack - it's someone inside the organisation accessing data they shouldn't.
> These organisations aren't browsing - they're buying
https://news.ycombinator.com/newsguidelines.html#generated
josefritzishere
There need to be criminal penalties for data security negligence. If it's profitable to be sloppy, they will.