301M Records Exposed: The HIPAA Breach Epidemic
adulion
55 points
36 comments
March 13, 2026
Discussion Highlights (6 comments)
philipwhiuk
1. What a wildly capitalist take on the loss of confidentiality for personnel data.
2. If you get breached, you have a problem. If everyone gets breached it starts to look more like cost-of-business (and that might be cheaper than a cyber firm that doesn't actually fix the problem [but looks good on audits]).
3. I wonder if the breached data is entering AI corpuses. Will I be able to ask OpenAI "Does Joe Bloggs, 75 Penn Ave NY have any underlying health conditions I should know about"?
righthand
Well at least the leaks and irresponsibility have hit the HIPAA level, maybe now some old people will take it seriously? Or will the fallout continue to be normalization of data leaks like the morons in the federal government did for credit reporting agencies?
quercusa
The attack on Stryker used Microsoft Intune to remote-wipe all of Stryker's systems. If you can wipe a system, could you also drop code on it to exfiltrate data and credentials?
[0] https://news.ycombinator.com/item?id=47346091
jawns
Wait, the main takeaway from this article is that cybersecurity sales teams now have great leads? Facepalm. The real takeaway should be that at every level -- government, corporate, healthcare entities, personal -- we need to rethink how we're acting in the face of these disasters. Government should recognize that its current regulations are insufficient and look for ways to refine them. Corporations and health-care entities should be asking themselves, "Do I really need to store this data? If so, how do I store it securely, make my systems less vulnerable to attack, make my personnel more informed about phishing, store it for the minimum amount of time, etc." And we as individuals should be asking ourselves whether so many health-care entities need to store so much data about us.
roywiggins
ai; dr
> This isn't a single point of failure - it's a systemic crisis.
> One in seven breaches isn't a sophisticated external attack - it's someone inside the organisation accessing data they shouldn't.
> These organisations aren't browsing - they're buying
https://news.ycombinator.com/newsguidelines.html#generated
josefritzishere
There need to be criminal penalties for data security negligence. If it's profitable to be sloppy, they will.