Shostack + Friends Blog: Security Researcher Comments on HIPAA Security Rule

A group of us have urged HHS to require health care providers to act on and facilitate reporting of security issues by good faith cybersecurity researchers.

The core of what we recommend is that HHS should require cooperation with Good Faith researchers.

We chose to discuss regulated entities rather than covered ones because we believe these should be applied to those entering a BAA.

The comments are by a set of security researchers, including myself, Jack Cable, Dissent Doe, Josiah Dykstra, PhD, Fred Jennings, and Chloé Messdaghi, on the HIPAA Security Rule Notice of Proposed Rulemaking to Strengthen Cybersecurity for Electronic Protected Health Information. Lastly, the official comment doesn't include Chloé as a contributor because of an oversight; this version does.

Don't miss the snarky background stories.

Originally published by Adam on 20 Mar 2025

Categories: compliance, government, security
