Blog

  • Colorado Breach Law Uses Long Arms to Protect Health Information Not Covered by HIPAA

    Colorado has put into place a new law that will require organizations handling digital personal information of Colorado residents to have security safeguards in place to protect information from...
  • Learn What We Found After Assessing Hundreds of Healthcare Organizations' Conformance with NIST CSF

  • When is data collected for research PHI covered by HIPAA and when is it not?

    On June 1, 2018, an OCR ALJ decision imposed civil monetary penalties against the University of Texas MD Anderson Cancer Center for data that was on two lost thumb drives and a stolen laptop. MD...
  • The 4 Most Commonly Missed Endpoint Devices in Healthcare

    “Endpoint” is a term that seems to have a variable definition in many of today’s organizations. As the name itself suggests, an endpoint is simply any connected device capable of processing,...
  • Building and Maintaining an Effective Compliance Program with Limited Resources

    It is often said an effective compliance program is difficult to measure, but experienced compliance professionals “know it when they see it”. This is not much comfort to many compliance...
  • Learning The Basics of Biomedical Security…From Ebola

    Public Health: In 2014 and 2015, the world faced a major health crisis when individuals throughout the world were being exposed to the Ebola virus. Because of the highly contagious nature of the...
  • Detecting and Protecting: Why Security Incidents Keep Surprising Us

    Why are we so bad at detecting and protecting against security incidents? Attackers need only find a single flaw that will allow them to gain entry to a system. Those that protect them, on the...
  • Emerging Security Threats: Keeping Your Healthcare Organization Protected

    David Finn was recently interviewed by Maureen McKinney at Phreesia about emerging security threats and keeping your healthcare organization protected. Below is the full interview. Maureen: David,...
  • Five Best Practices to Improve Your Third-Party Risk Management Program

    Each third-party vendor relationship comes with a selection of risks that must be recognized in time. These third-party risks are usually multi-dimensional because they extend across other...
  • Eight Top Misconceptions About Managed Print Services

    Managed Print Services (MPS) has been around for a long time and there seem to be as many approaches to Managed Print Services as there are definitions of Managed Print Services. It has always...
  • OCR Says Gap Analysis Does Not Meet HIPAA Requirements

    The HHS Office for Civil Rights (OCR) has issued guidance clarifying that performing a gap analysis of an information system’s safeguards is not enough to meet the minimum requirements...
  • Attacking Your Own Network: A Lesson on Penetration Testing for Healthcare

    On the Ides of March, or very close to it on March 7th, I will take the HIMSS 2018 stage with Chuck Kesler, CISO of Duke Health, talking to our fellow healthcare IT professionals about penetration...
  • What Can Be Done About Drug Diversion?

    A Growing Problem for Healthcare Organizations: The opioid crisis and drug addiction are not just among criminals. The issue is growing among all segments of the population including healthcare...
  • The Top Four Healthcare Cybersecurity Trends for 2018

    In order to explore the likely cybersecurity trends coming our way in 2018, we must first take a quick look back at 2017. Last year was a banner year in about as many ways as one can think of....
  • 2017 Workshop Recap

    2017 was an active year for healthcare IT professionals. 78% of healthcare providers experienced a ransomware or malware attack, and many of these attacks reinforced the fact that an attack can...
  • HIPAA Enforcement: 2017 Year in Review

    2017 will go down as a change year for Health Insurance Portability and Accountability Act (HIPAA) enforcement of the Privacy, Security, and Breach Notification Rules. This comes on the heels of...
  • Guide to Proactive Access Monitoring and Auditing Under the HIPAA Security Rule

    Monitoring and auditing of access to protected health information by many organizations is prompted by patient complaints or some other event triggering the need to conduct an investigation. This...
  • What is the NH-ISAC 90-Day DMARC Challenge?

    Healthcare organizations are more vulnerable to phishing attacks as the average maturity of security controls and training is less than that of other industries, such as banking. Successful...
  • Wi-Fi Has Vulnerability News, But Wireless Risks are Hardly New

    It’s likely that you’ve already heard about KRACK in the last few days. KRACK is a new and somewhat alarming vulnerability recently disclosed in the Wi-Fi Protected Access 2 (WPA2) wireless...
  • Recent Attacks Reveal New Supply Chain Vulnerabilities

    The NotPetya attack in late June 2017 spotlighted a new attack vector that has been successful in attacking specific domains. In the summer NotPetya Ransomware attack, the attackers successfully...
  • Printer and Multi-Function Device Security: Why Compliance and Privacy Officers Should Care

    Security of an organization’s printers and multi-function devices, as well as the data on those devices, is handled by the IT department, right? While this might be true, compliance and privacy...