The HIPAA Security Rule, drafted in 1998, did not anticipate cloud computing. Now, healthcare organizations and cloud vendors must work together to determine security responsibilities. Each party has a role to play, with the cloud service provider (CSP) responsible for physical security and internal access controls, while the customer controls encryption and file permissions. The HIPAA Security Rule was not designed for this shared security model, but regulatory guidance has acknowledged its importance. Healthcare organizations must carefully assess their cloud hosting capabilities and risks to ensure a strong security program.

UK firms are 'sleepwalking' into smart building cyber threats
Summarize this content to a maximum of 60 words: The convergence of operational technology and IT systems is posing serious risks for property firms.