Blog

  • User Access Monitoring: Convincing Your Governing Body that You Need to do This

    User access monitoring is a requirement under the HIPAA Security Rule. However, the specifics of what must be done remain a little cloudy. The regulations state, “implement hardware, software,...
  • Learn What We Found After Assessing Hundreds of Healthcare Organizations' Conformance with NIST CSF

  • Are State AGs Picking Up Slack in HIPAA Enforcement?

    David Holtzman was recently interviewed by Marianne Kolbasuk McGee of Information Security Media Group about The Arc of Erie County lawsuit which encountered a data breach that impacted more than...
  • Ohio Creates Incentives to Proactively Adopt Cybersecurity Programs

    A new Ohio law, the Data Protection Act, incentivizes businesses and not-for-profit organizations that proactively put into place cybersecurity programs to safeguard electronic information...
  • OCR Updates Audit Protocol Emphasizing its Role for Compliance

    The US Department of Health and Human Services, Office for Civil Rights (OCR) has without fanfare updated its comprehensive audit protocol, making substantive changes to inquiries to demonstrate...
  • Incident Response Planning: Paying NOT to Play

    If you’re reading this, I probably don’t need to tell you that an incident response plan is the best way to prepare for that information security or other cyber incident – from attack, to...
  • Web Application Penetration Testing

    I have been writing about penetration testing and its related skills for some time now but haven’t yet taken a good deep dive into web application penetration testing. In many ways, web...
  • Ransomware Attack Leads to Discovery of Lots More Malware

    Ransomware has impacted several different healthcare organizations over the past few weeks, including Allied Physicians of Michiana and LabCorp. The latest victim is Blue Springs Family Care. I...
  • 2018 Educational Workshop Feedback

    Cyber-attacks have been an increasing security and privacy threat to organizations, in fact the 2018 Cost of a Data Breach Study: Global Overview by Ponemon states that the health industry has one...
  • Colorado Breach Law Uses Long Arms to Protect Health Information Not Covered by HIPAA

    Colorado has put into place a new law that will require organizations handling digital personal information of Colorado residents have security safeguards in place to protect information from...
  • When is data collected for research PHI covered by HIPAA and when is it not?

    On June 1, 2018, an OCR ALJ decision imposed civil monetary penalties against the University of Texas MD Anderson Cancer Center for data that was on two lost thumb drives and a stolen laptop. MD...
  • The 4 Most Commonly Missed Endpoint Devices in Healthcare

    “Endpoint” is a term that seems to have a variable definition in many of today’s organizations. Like the name itself suggests an endpoint is simply any connected device capable of processing,...
  • Building and Maintaining an Effective Compliance Program with Limited Resources

    It is often said an effective compliance program is difficult to measure, but experienced compliance professionals “know it when they see it”. This is not much comfort to many compliance...
  • Learning The Basics of Biomedical Security…From Ebola

    Public Health In 2014 and 2015, the world faced a major health crisis when individuals throughout the world were being exposed to the Ebola virus. Because of the highly contagious nature of the...
  • Detecting and Protecting: Why Security Incidents Keep Surprising Us

    Why are we so bad at detecting and protecting against security incidents? Attackers need only find a single flaw that will allow them to gain entry to a system. Those that protect them, on the...
  • Emerging Security Threats: Keeping Your Healthcare Organization Protected

    David Finn was recently interviewed by Maureen McKinney at Phreesia about emerging security threats and keeping your healthcare organization protected. Below is the full interview. Maureen: David,...
  • Five Best Practices to Improve Your Third-Party Vendor Risk Management Program

    Each third-party vendor relationship comes with a selection of risks that must be recognized in time. These third-party vendor risks are usually multi-dimensional because they extend across other...
  • Eight Top Misconceptions About Managed Print Services

    Managed Print Services (MPS) has been around for a long time and there seems to be as many approaches to Managed Print Services as there are definitions of Managed Print Services. It has always...
  • OCR Says Gap Analysis Does Not Meet HIPAA Requirements

    The HHS Office for Civil Rights (OCR) has issued guidance answering the question that performing a gap analysis of an information system’s safeguards is not enough to meet the minimum requirements...
  • Attacking Your Own Network: A Lesson on Penetration Testing for Healthcare

    On the Ides of March, or very close to it on March 7th, I will take the HIMSS 2018 stage with Chuck Kesler, CISO of Duke Health, talking to our fellow healthcare IT professionals about penetration...
  • What Can Be Done About Drug Diversion?

    A Growing Problem for Healthcare Organizations The opioid crisis and drug addiction are not just among criminals. The issue is growing among all segments of the population including healthcare...