Information security is a complex discipline in itself, complicated by the alphabet soup of standards and regulations. A recent case in point involved the FTC and a small dental software company, Henry Schein Practice Solutions Inc. This company marketed dental office software, which its literature claimed used “industry standard encryption” to protect patient data. The FTC deemed that since the company advertised a standard approach to encryption and did not follow NIST, it was in violation, costing it $250,000. You can be fully compliant with an industry standard like PCI or HIPAA, but not be secure.”]
Source: https://www.csoonline.com/article/3033161/security-standards-sorting-through-the-alphabet-soup.html