It’s a bug. He reported it, they fixed it. It is not a five alarm fire for HIPAA... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Spooky23 6 months ago \| parent \| context \| favorite \| on: Copilot broke audit logs, but Microsoft won't tell... It’s a bug. He reported it, they fixed it. It is not a five alarm fire for HIPAA. HIPAA doesn’t require that all file access be logged at all. HIPAA also doesn’t require that a CVE be created for each defect in a product. End of the day, it’s a hand-wavy, “look at me” security blog. Don’t get too crazy.

waffleiron 6 months ago [–]

I am more on the privacy side of things like HIPAA, but I would like to link the following.

https://www.hhs.gov/sites/default/files/january-2017-cyber-n...

Spooky23 6 months ago | [–]

There’s discretion in reasonable and appropriate.

Biggest thing is to have plan and policy. I’d agree in general that more audit is better.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact