An Information Security Place

Commentary on the State of Information Security

Archive for the 'Compliance' Category...

Filed under Compliance, Rant, Security

Anyone heard of any action against these medical companies under HIPAA regulation? Neither have I.

This is the problem with government trying to fix a problem. While I agree with the basic attempt HIPAA is making at securing personal medical data, it just makes no sense to have anyone try to comply when nothing happens if you don’t.

And when a few CEO / CFO / COO types see this story and don’t see even any attempts at prosecution in the next few months, then they will start rethinking their investment in security.

Another thought is that these companies are HIPAA compliant and still have problems. If that is so, then it goes to show you that compliance does not equal security.

Vet

Posted by Michael Farnum on Tuesday, February 20th, 2007

Filed under Compliance, Rant, Security

Seems like Cisco has partnered with Cybertrust in creating some kind of PCI-geared hardware package / solution. Cybertrust is supposedly giving this amorphous hardware blob (I guess a hardware package can be customized for each scenario) the PCI checkmark. OK, so which company is going to purchase this package for its stores and tell its auditors, “we’re PCI compliant because we bought this crap”?

From their news release:

Part of the Cisco PCI Solution for Retail, a set of recommended and audited network architectures that can be tailored for each retailer’s specific store footprint and application needs, Cybertrust has provided its PCI subject matter expertise to validate that the Cisco solutions are optimized for PCI compliance. The Cisco PCI Solution architectures provide guidelines that help retailers manage the complexities associated with the PCI Data Security Standard.

Rrrrriiiiight….

Computerworld Australia warns against this as well.

Vet

Posted by Michael Farnum on Tuesday, January 23rd, 2007