Seriously?
The only reason El Reg posted that article was because of the fabulous headline wasn't it?
Go on, admit it.
Totally worth it by the way.
A medical group in Ohio has confirmed it was ransacked by miscreants who leaked hundreds of thousands of medical files, financial documents and patient records – but offered little else in the way of an explanation. The Central Ohio Urology Group told The Register it is still working with investigators and IT security experts …
"The Central Ohio Urology Group says it will take several weeks before its investigation will be complete and the full scope of the incident known."
Oh yeah, the "that stone will soon progress down the ureter all by itself, and we don't have to hurry things up..."
Said to the friend who'd already quite convinced them of the need for morphine due to the extreme pain involved (and which produces distinctive recognizable reactions because *every* nerve in your body is on fire!)
Shut 'em up, bliss 'em out, and stick 'em in a corner - they're too busy preparing the bill.
I do believe that it's time for a change... apologies by CEO's with the statement "we take your privacy seriously" should be followed publically by said CEO falling on his sword.. in public.
Ok, more seriously... there needs to be something (law? penalty?) that hits the C-suite types and the board hard when there's a breach. Something that says "lip service and weasel words aren't enough".
It's coming in EU land with big fines. Still can't persuade the board to take it seriously though. UK government seems keen, as ever, to sacrifice it's citizens on the alter of corporate greed by doing the bare minimum required but that won't stop other countries imposing the fines (with Bexit we'll lose the one-stop-shop principle so Belgium, for example, will be free to fine a London based company).
So how does a urology practice 150GB of patient data? Even with many thousands of patients, that's a lot of data per each. An awful lot of it would have to be imaging of some sort, which they aren't going to use on all of their patients.
The stolen data that would be harmful to those affected would be a tiny fraction of that 150GB, namely all the personal information in text records.