The links are a little messed up, so you might want to wait until about 10AM tomorrow to take a look, but, my newest NetSPI post is up.

Also, if you are interested in understanding a bit more about how PCI impacts industries outside of retail and hospitality or in looking through some more technical posts on penetration testing and the like, I’d tune into the NetSPI blog.  The team has really embraced blogging and collectively we are putting out a very good mix of posts (at least I think so.)

Although this blog is focused on retail (and hospitality), PCI extends into every other industry as well that has to deal with cardholder data.  Healthcare is really where retail was 5 years ago in terms of understanding PCI and what they need to do to address the standard.

POS companies have at least had time to learn and understand PCI through their clients, healthcare software companies haven’t had this time to learn and they still have to get their PA-DSS validation on by this coming July.  Feel for them.

NetSPI Blog » Healthcare Solutions and PA-DSS Compliance with a Deadline in July.