Cybersecurity

5923 readers

251 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

kid

[email protected]

The US proposes rules to make healthcare data more secure (www.theverge.com)

submitted 1 week ago by [email protected] to c/cybersecurity

6 comments fedilink hide all child comments

The HIPAA Security Rule is due for an overhaul.

top 6 comments

sorted by: hot top controversial new old

[–] [email protected] 18 points 1 week ago (1 children)

What such a ruling needs are hard punishments for those responsible for data "losses". Those who have unsecured servers, those who use weak passwords, or leave backdoors in their software need to be sanctioned as well as the actual hackers.

[–] [email protected] 11 points 1 week ago (1 children)

Definitely. Once the company reach certain level of annual turnover it must implement A-Z security measures or be fined out of existence would be great. I even go as far as making it personal liability for upper management if they deliberately try to circumvent those requirements.

[–] Tar_alcaran 7 points 1 week ago* (last edited 1 week ago) (1 children)

I even go as far as making it personal liability for upper management

This needs to be a thing for SO many things across the board, from personal data to ecological damage and unsafe working conditions. Not just upper management, everyone down the chain. If Bob the (qualified)intern did it, Anna the manager checked it and Charlie the CEO approved it, they ALL need to get punished.

[–] taladar 3 points 1 week ago

Punishing the lower level employees should only really be implemented once all the anti-whistleblower legislation and people in government have been purged though otherwise you just put the employees who are asked to do questionable things between a rock and a hard place with no way not to get punished.

[–] [email protected] 7 points 1 week ago

HIPAA is a super vague standard on the tech side. PCI is much more specific and frankly better even though its meant for a different purpose and both were written by different types of entities. It may have changed since I worked with it, but one example I remember is HIPAA standards say to use a firewall. PCI standards say to use a firewall, document rules, review them quarterly with a formal process and separation of duties, and conduct external third party scans to look for vulnerabilities. I'm glad HIPAA is getting an update, but it could really use an overhaul.

[–] [email protected] 1 points 1 week ago

One can avoid all rules when greedy enough