What The Heck Are “Security Basics”? – Paul’s Security Weekly #587
December 21, 2018
The question comes up quite often: what should organizations be doing to meet the basic security requirements? We often hear the terms "Security Basics", "Minimum Security Standards" or, dear lord, "Security Hygiene". But what does all this mean? Is it the same for everyone? People will point to different resources that attempt to define the security basics, but do they really work? Does compliance play into this picture?
LifeLong Medical is just now notifying 115,448 patients that their data was compromised during a ransomware attack against one of its vendors, Netgain. However, the initial breach reports were first released more than six months ago, putting the notice far outside the 60-day HIPAA requirement.
HHS OCR announced it reached an $80,000 settlement with Children's Hospital & Medical Center over potential HIPAA Right of Access failures. It’s the 20th settlement made under its access rights initiative.