The US proposes rules to make healthcare data more secure (www.theverge.com)
from BrikoX@lemmy.zip to cybersecurity@sh.itjust.works on 29 Dec 08:55
https://lemmy.zip/post/28944049

The HIPAA Security Rule is due for an overhaul.

#cybersecurity

threaded - newest

Treczoks@lemmy.world on 29 Dec 09:29 next collapse

What such a ruling needs are hard punishments for those responsible for data “losses”. Those who have unsecured servers, those who use weak passwords, or leave backdoors in their software need to be sanctioned as well as the actual hackers.

BrikoX@lemmy.zip on 29 Dec 09:36 collapse

Definitely. Once the company reach certain level of annual turnover it must implement A-Z security measures or be fined out of existence would be great. I even go as far as making it personal liability for upper management if they deliberately try to circumvent those requirements.

Tar_alcaran@sh.itjust.works on 29 Dec 12:25 collapse

I even go as far as making it personal liability for upper management

This needs to be a thing for SO many things across the board, from personal data to ecological damage and unsafe working conditions. Not just upper management, everyone down the chain. If Bob the (qualified)intern did it, Anna the manager checked it and Charlie the CEO approved it, they ALL need to get punished.

taladar@sh.itjust.works on 29 Dec 12:40 collapse

Punishing the lower level employees should only really be implemented once all the anti-whistleblower legislation and people in government have been purged though otherwise you just put the employees who are asked to do questionable things between a rock and a hard place with no way not to get punished.

zero_spelled_with_an_ecks@programming.dev on 29 Dec 11:46 next collapse

HIPAA is a super vague standard on the tech side. PCI is much more specific and frankly better even though its meant for a different purpose and both were written by different types of entities. It may have changed since I worked with it, but one example I remember is HIPAA standards say to use a firewall. PCI standards say to use a firewall, document rules, review them quarterly with a formal process and separation of duties, and conduct external third party scans to look for vulnerabilities. I’m glad HIPAA is getting an update, but it could really use an overhaul.

M33@lemmy.sdf.org on 01 Jan 15:55 collapse

One can avoid all rules when greedy enough