[ObsoleteNerd]

As someone who spends a fair few weeks a year in hospital, the idea of internal hospital security cameras being connected to the internet at all is absolutely fucking horrifying. It's people at their most vulnerable, and FTA it says it was even cameras aimed at the beds, not just hallways and public areas.

The fact that ANY internet-connected camera system can be considered HIPAA compliant is ridiculous. Anyone who's had any exposure to the internet in the last 20 years has seen dozens of stories of cloud-connected cameras being exposed online... baby cameras, security cameras, etc. Combine that with the number of big hacks increasing, and the idea of any internet-connected camera being "secure/private" should basically be laughed at.

What will happen? Nothing. The hackers will be blamed, not the managers/executives who thought this was a good idea in the first place, or the multiple tiers of people who are responsible for security in these companies.

[unsrsly]

IANAL but HIPAA compliance comes from following certain policies and procedures (e.g. for encryption and account provisioning). These rules are necessary but not sufficient to guarantee security. As for cameras in hospitals, I have only seen these pointed at beds in specific scenarios (e.g. epilepsy monitoring) but obviously it is important to keep these video feeds secure.