Free Republic
General/Chat

To: ransomnote; All

I was an IT Project Manager under contract to a very large healthcare provider in Norcal.

My project was to patch/correct every server platform in the enterprise...over 20,000 of them...and provide “secure privileged access” for the various engineers who had to keep these platforms running and maintained. So that only these “privileged” persons could make changes.

The project spun out of a security audit that found, essentially, there was no security.

Policies were developed. Standard, secure configurations for all platforms. Audit schedules...the whole nine yards.

When the project kicked off, immediately there was resistance and inertia from every single stakeholder. As the project stalled, the CIO decided to change the definition of what “remediated” meant. The new definition meant that each individual platform owner agreed to perform their own remediation within 3 years. That was almost 2 years ago.

They fired me when I refused to falsify mitigation reports. Just like the PM that was there before me, and one that followed me.

Buddies still onsite assure me nothing has changed. The place is still an open book...would not pass even the most rudimentary security audit and 3rd parties are still granted remote, unsecured access.

Over 50,000 employees and over 10,000 beds.

CRIMINAL NEGLIGENCE!


13 posted on 10/29/2020 3:31:23 PM PDT by Mariner (War Criminal #18)


To: Mariner

You should whistleblow to HHS OCR who enforce HIPAA.


14 posted on 10/29/2020 3:37:46 PM PDT by socalgop
