The general theme of recent computer hacks are, unfortunately, all too familiar. Not updating software when there is a clear path to doing so and there is a well-known and publicly documented exploit of that software is negligent and the companies involved should be held liable for damage to client's financial concerns.
It is one thing to be blindsided by an unknown exploit or to be the focus of a DOS attack or something similar that puts your network and your clients at risk for information theft. Alternatively, if you are aware or should of been aware of a software or network exploit that has a fix and you neglected to apply the fix you are as guilty as the hackers.
Some of the nation's most hardened security networks have been penetrated so keeping a network safe is not an easy or inexpensive venture. Although, keeping software current with the latest patches is a simple process and there should be no reason for a company not to keep its network software updated.
It always surprises me how easy folks can jump on the latest bandwagon circling in the public arena and give no thought to the fact that most information they put out over the internet they freely gave in order to use the free services of the Facebooks and Googles of the Web.
Nevertheless, if a company requires you to do business with them over an electronic media they should take full responsibility for updating their software and keeping current with the latest cyber threats.
Headlines like "Devastating Heartbleed Flaw Was Used in Hospital Hack" and others tend to make one wonder if anybody is paying attention. The hackers are letting the security firms do the grunt work of finding flaws and then all they have to do is troll for sites don't update.
by Jim Atkins 'thedosmann'