Note: We here at CloudShark aren’t HIPAA experts, we just think its neat to talk about. Don’t take this as “official” advice. We’ve been harping lately on network security, which is one of the reasons we included secure delete as a new feature in CloudShark 2.4. This got us having some “water-cooler” (we don’t have a water cooler, it’s actually a shark tank) discussion around the security of packet captures in general, and naturally, how that applies to regulations like HIPAA, the “Health Insurance Privacy and Accountability Act”.
If there’s one thing we noticed about 2014, it was the year of Really Big Vulnerabilities ™. Sure, these sorts of things happen all the time, but now more than ever it is becoming obvious that perimeter security is not sufficient and each constituent system in a network must be regarded as a public system, regardless of assumption. Systems will be compromised, and preparing for what to do after an attack is just as important as preventing attacks in the first place.