Will they be fired?? 😂 Fast food workers are held to much higher standards.

And you can't figure this out in 5 freaking years!!!!

And it takes 4+ years and you are STILL investigating!! WTF??

In other words it was "UNSECURED" 🥴😡🤬

as a former IT consultant this leader is clueless about data security for server implementations

I am so Thankful to God and my training as a deputy, that I CAN PROTECT MY FAMILY-- cause these idiots are SELLING US OUT !!

So we will definitely know something sometimes somewhere, somehow .

We have external investigators, but we are paying them.....hmmmm!

The same answer was given to every question. They cannot give a straight yes or no

"The initial configuration was mid-2018" - That's an admission that either the default login credentials were never changed, the firewall rules weren't updated, the access control lists weren't verified, 802.11x (port security) rules weren't followed, MAC filtering wasn't done or that a whole host of remediations weren't considered in response to IAVAs or the CVD. This woman is the last person you want briefing this topic. The correct person to send to these hearings is a retired Warrant Officer. He or she would make a Congressional Representative's head explode from data overload.

Misconfigured...right. Most of the healthcare system has given the keys to every employee involved in software and server support. It isn't a breach, it is plain laziness and folks that wish to NOT do their job.

So I think what she's saying is that they're paying loads of money to external investigators to do their job. And that's why they can't answer any of these basic questions that they should know this is been going on for five years come on

This is just so bad

Why aren’t witnesses being questioned by members of Congress being allowed to avoid yes or no answers to questions? I believe they should be FORCED to answer yea or nay or be held in contempt of Congress. Pretty simple.

They know it's been since 2018. She knows more than she's saying.

No one ever is accountable

"Experts" seem to be at the center of virtually all problems the public has with government.

This is what happens when incompetent people are hired and lack of accountability continues....

So they are still investigating ? After 5 years ? So , they are hoping this all goes away so nobody will get fired .

"Vendors are held to a very high standard." It's the laughs that keep us going.

This lady is on fire. We need more of her

How the hell do you mess up that badly and keep your job? No authentication? Are you SERIOUS?!

In almost every case I think that people testifying before congress should be fired for the inability to answer a simple question. Having been in IT for 47 years I understand why this lady is hesitant to give detailed information because piecemeal information during computer forensics can be very misleading. The correct question right now is 'when will your investigation be complete, because I want you back here next business day". And then hold her to that date.

People sneer at me when I say I don't do anything online unless I absolutely HAVE to. I don't do online banking, insurance or doctors business, etc... There is no such thing as "secure" in a world where there is always a hacker who is two steps ahead of the game. You don't even have to do your business online in order to get your info stolen because it's automatically put there with out your consent and against your wishes. It's getting more and more difficult for anyone to protect themselves from things like this.

these "directors" never seem to know what's going on in their departments, "I don't know" seems to be a common denominators in all of these hearings

Did you ever notice that when asked a hard question in these committees, the answer is "I don't know." First person to be fired should be her.

I DIDNT DO ANYTHING SO IM NOT TO BLAME!!!! HOLD THESE PPL ACCOUNTABLE!!! I WOULD BE FIRED IF I SCREWED UP THIS MUCH...

Finding out who’s responsible is important, but how about telling us more about the information that was breached between our country and other countries I think the American people deserve an explanation

That had to be malice. There is no way they just forgot. That is a 101 of servers.

INVESTIGATE ? WITH NO OUTCOME

i could tell you within week who was at fault.. And if they took it offline. It was to clean the server. ie Hide the breach...

Great questioning. She’s not letting her dumb her down like they dumb down the voters.

Nancy Mace is one of the best at questioning these dem question dodgers, hats off and much respect to her

I'm absolutely no apologist for anyone in these agencies, but I can appreciate how difficult it can be to be a witness regarding a technical event. Witnesses should bring subject matter experts so they can immediately consult. Of course then, though, they wouldn't be able to stall with their "I'll get back with you on that" responses.

This happened in 2018?! It is now 2023 and they're still investigating. Am I missing something?

“If you cannot ID who failed, then you are all fired.”

We do not know. The anthem of the Biden administration.

Awesome job, finally proper pointed questions showing some understanding of how IT works from a representative...

Just more people that come to be questioned and then give no answers. Why do they seem to never have answers to questions. They are always doing a full investigation but won't have answers until some time in the future but as always they can't give a date. Time after time it shows that these people are not qualified for their position.

They should be fired

Another official who " can't answer that question" on almost every aspect of the work they are supposed to be actively involved in on a daily basis.

Any job I ever had in my life but I'm almost 80 years old I had to know everything about that job before I was turned loose don't see if people know anything

No, they will eventually be promoted. They were asked to do that with a promise on the Left.

Two things I quixotically hope for: 1. The Vikings winning a Super Bowl and 2. A Biden administration witness crisply and candidly answering a question. Alas, at my age, I'm unlikely to ever see either.

We are investigating that....was the server being used well yes and no...but we are investigating using an outside company...but they are investigating.. i dont know the time date or numbers.. but we are investigating

Can't fire anyone for incompetence, they are playing follow the leader.

The Officials don't know SQUAT! She needs to be talking to either the IT Team Lead for the Security Manager.

All government employees know the only answer is "I don't know", whether they know or not. The reason for the I don't know answer is to protect the swamp.

Follow the money.

Is this a clerk or a janitor? It sounds like she knows absolutely nothing about what she is supposed to be managing or supervising. If anyone is working on equipment, especially computers, you are responsible for, you should be on their back asking questions about every step of what they are doing. You should have a really good idea of what's happening at every step. It sounds like she is trusting the computer people 100% or else she's to much of a prima donna to supervise them. The first makes her criminally gullible, and the second makes her liable to be fired!

If you screw up. You should be fired. Especially with government control.

Sounds like someone need to be fired

That was 5 years ago! Should have been investigated years ago unless they just noticed the exposure.

All you IT pros need to run for office and straighten this crap out. Do it for America before it's too late!

Wow, she is clueless

Only the best and brightest for our government!

This is typical. The IT team at healthcare systems do not like to configure or troubleshoot security systems. They will install and configure a third party system, make sure the systems come up without errors, and will then walk away. They don't run tests on how to break into the system. They will simply require employees to watch training videos on how to protect your own passwords. I'd be surprised to find any IT department that actually runs tests on their third party systems to find holes in their security. In addition, no IT department will update their security. It costs too much money and time and effort to install new updates or to switch to a newer and robust security software company when something newer and stronger comes along. They simply keep using the same garbage they used when it was first set up. The only time an upgrade does happen is when the older is no longer supported and will no longer run.

No one is ever held accountable in this system. Terrible.

Password and ID Employee ? Are they required

We have external experts from China looking into this.

It's likely several people were involved, one person starts the project and works for a few days then goes on vcation for two weeks and somebody else continues the work, then they both get transferred and a new employee or contractor with little experience is assigned to finish the job. They may each do the job in a different way that they are accustomed to and therefore somethings may not be done correctly..

I use to tell my students that “she knows just enough to be dangerous”!

WHAT A FING JOKE!

What exactly have you uncovered in 5 years

You can't help but think they know a lot more then they are pretending to know. Some of these questions should be simple for these people.

25 Years in IT. This is negligence of the highest order!

If she won't answer the question, SHE should be blamed for it and removed.

As your friendly government employee, I will have to circle back to you upon the completion of the ongoing internal investigation, and when I say ongoing, I mean never ending ......

Fire all of them!

I’d go for door number three.

I.P. addresses typically do not change unless the provider changes or the location of the computer changes. I seriously doubt either changed unless a contract or contractor changed.

I recently told the IRS the same thing this April. Actually what I said was screw you and your 85000 new agents I have external investigators looking into these grandeous errors on my return and I don’t want to hear anymore from you !

Look at the network traffic for connecting IP addresses, if still located in network history data but, can or has been deleted. Do not store on the 'cloud' since it has high probability of being hacked. Do daily backups on external devices and disconnect from the main.

❤️ Nancy Mace!

This was the wrong person to testify on this.

short answer is I do not know anything and I will just say that someone is looking into it so I can say I do not know.

She doesn't know! Tough question and they will get back to you! Yikes!

And these are our leader's people

Well gee, first answer let's us know what the spy balloon was logging in all thru the USA!!

I don't get this? What are they talking about exactly? What are the details on who was affected? First time I've heard about this story.

Happens every time. The Rep asks a question and the official answers another question.

The questions Ms. Mace asked we all questions that would take less than a day to discover. I have some other simple questions. When was the security vulnerability patched? What service did this server perform? Who set it up? Who had administrative access to this server? Could bad actors gain access to other systems with access the compromised server?

There is so much configuration required, routers, firewalls, switches, for an "IP address" to access the outside world from inside the network on a public IP address. What they are trying to describe is literally impossible to have happened by accident, this was clearly intentional, and happened by design. You can't just plug into a switchport off of the inside interface of your router, and hit the web in an un'nat'ed public IP, it is literally impossible.

Basically we have no idea....

Are we not operating beyond our technical ability to be safe??

This is the reason why I refuse to do the portal that a lot of doctor's and hospitals want you to freely put your information on the servers that are kept open for the people who have nothing to do but hack into the system yet our government doesn't prosecute anyone unless you're a republican.

No one ever fired or prosecuted. What's new with this administration. Fire her already for lack of experince on the job. What a joke these people are.

The problem with her organization is the she is in charge of it. Fire her first.

We are in trouble in this America ! 🙏🏼♥️🇺🇸👍🏼✌🏼🥺😢👿👹

Word salad in this administration is unreal. What ever happened to simple answers.

I have decades of IT experience and I can tell you, that woman has absolutely no idea, zero, or what she's attempting to talk about. If she's in charge of anything associated with automated systems, she ought to be terminated immediately.

if people only got to see how much of their data is accessed and managed by IT "contractors" in overseas locations. Not just healthcare; banking, academics, federal/state/local governments. If they have an IT dept of 200 people, usually 20-25 are US based and the rest are remote.

It’s not that difficult to find out who physically did the set-up and who gave the order. It’s bureaucratic policies that make it impossible to do it efficiently.

I remember when they mocked people and called them paranoid for saying entrusting the government with our health info would lead to invasions of privacy. Well, they were wrong but they are still mocking those people too.

So who are the "external investors"? That's the real question.

They won't do anything but make excuses

IDK. No one ever has an answer! IDK. IDK. IDK. How we looking on finding the Supreme Court leaker?

"If you had an IP address, you can access the server without proper authentication." I'm assuming she meant if you had _the_ IP address of the server. This isn't a misconfiguration. This is a case of zero configuration. If the person who "misconfigured" this server had done something like this as they pursued their degree in Computer Science, they'd have received a failing grade for the project, if not for the entire class. There is no standard in Information Technology where this wouldn't be gross negligence - this is no less negligent than leaving a locked and loaded firearm on the table in a kindergarten classroom. It was no less negligent in 2018 than it is in 2023.

What the hell? They don't have a Network Administrator?

They haven’t identified a contractor scapegoat yet.