

UCLA Health System reports patient data breach; 4.5M may be affected - srikar
http://www.latimes.com/business/la-fi-ucla-medical-data-20150717-story.html

======
higherpurpose
The US government's "cybersecurity policy" is completely and utterly
inadequate. Their thinking so far has been "well, let's leave aside the
_actual security_ stuff, and focus on getting _cyber-weapons_ \- the more
cyber-weapons we have, the scarier we'll be and nobody will touch us!"

Yeah, _maybe_ that can work against a mid-level country like Iran. But what
about China or Russia? Are they really going to be dissuaded from hacking US
agencies and private companies because the US will hack them back? Are they
going to be afraid that US threatens them with actual war? Nope.

Then there are also the "guerrilla hackers", which could be anyone from random
hacker groups, to cartels in Mexico to North Korea who doesn't care if you
hack back its hundreds of PCs. Your scary cyberweapons aren't going to
dissuade them either.

The US government needs to stop making encryption and strong security (that
itself can't hack) public enemy #1, and instead actually promote them in every
single agency and raise security standards that private companies have to meet
as well, _especially_ if they are storing sensitive customer data.

As Schneier said earlier, the US has the most to lose out of all the countries
by _actively trying to keep_ the web vulnerable.

