|
|
|
|
|
|
by chrisrogers
2151 days ago
|
|
|
Well in the case of UCSF, they paid $1.14M[1]. But really, I expect such a law would provide for exceptions, with a maximum payout capability. And for such a law to come after an offsite airgap backup requirement for such entities. But really, the answer is that the equivalent physical criminal action: walking into a hospital and absconding with all of their medical records, would result in criminal action against the thief. Their actions may be akin to manslaughter if deaths result. [1]: https://www.ucsf.edu/news/2020/06/417911/update-it-security-... |
|
|