An Information Security Place

Commentary on the State of Information Security
Filed under Compliance, Rant, Security

Anyone heard of any action against these medical companies under HIPAA regulation? Neither have I.

This is the problem with government trying to fix a problem. While I agree with the basic attempt HIPAA is making at securing personal medical data, it just makes no sense to have anyone try to comply when nothing happens if you don’t.

And when a few CEO / CFO / COO types see this story and don’t even see any attempts at prosecution in the next few months, then they will start rethinking their investment in security.

Another thought is that these companies are HIPAA compliant and still have problems. If that is so, then it goes to show you that compliance does not equal security.

Vet

Posted by Michael Farnum on Tuesday, February 20th, 2007