Blog

  • Changes to New California Privacy Law Exempts Some Healthcare Organizations

    Much has been written about the potential impacts that the California Consumer Privacy Act of 2018 (CaCPA) could make on health care organizations and their business partners. The California...

  • Learn What We Found After Assessing Hundreds of Healthcare Organizations' Conformance with NIST CSF

  • IoT Security: How to Effectively Manage Endpoint Device Security

    IoT security is one of the most concerning and critical issues that we in healthcare face on a daily basis. All industries are affected by IoT devices threatening the integrity of their network...

  • User Access Monitoring: Convincing Your Governing Body that You Need to do This

    User access monitoring is a requirement under the HIPAA Security Rule. However, the specifics of what must be done remain a little cloudy. The regulations state, “implement hardware, software,...

  • Are State AGs Picking Up Slack in HIPAA Enforcement?

    David Holtzman was recently interviewed by Marianne Kolbasuk McGee of Information Security Media Group about The Arc of Erie County lawsuit which encountered a data breach that impacted more than...

  • Ohio Creates Incentives to Proactively Adopt Cybersecurity Programs

    A new Ohio law, the Data Protection Act, incentivizes businesses and not-for-profit organizations that proactively put into place cybersecurity programs to safeguard electronic information...

  • OCR Updates Audit Protocol Emphasizing its Role for Compliance

    The US Department of Health and Human Services, Office for Civil Rights (OCR) has without fanfare updated its comprehensive audit protocol, making substantive changes to inquiries to demonstrate...

  • Incident Response Planning: Paying NOT to Play

    If you’re reading this, I probably don’t need to tell you that an incident response plan is the best way to prepare for that information security or other cyber incident – from attack, to...

  • Web Application Penetration Testing

    I have been writing about penetration testing and its related skills for some time now but haven’t yet taken a good deep dive into web application penetration testing. In many ways, web...

  • Ransomware Attack Leads to Discovery of Lots More Malware

    Ransomware has impacted several different healthcare organizations over the past few weeks, including Allied Physicians of Michiana and LabCorp. The latest victim is Blue Springs Family Care. I...

  • 2018 Educational Workshop Feedback

    Cyber-attacks have been an increasing security and privacy threat to organizations; in fact, the 2018 Cost of a Data Breach Study: Global Overview by Ponemon states that the health industry has one...

  • Colorado Breach Law Uses Long Arms to Protect Health Information Not Covered by HIPAA

    Colorado has put into place a new law that will require organizations handling digital personal information of Colorado residents to have security safeguards in place to protect information from...

  • When is data collected for research PHI covered by HIPAA and when is it not?

    On June 1, 2018, an OCR ALJ decision imposed civil monetary penalties against the University of Texas MD Anderson Cancer Center for data that was on two lost thumb drives and a stolen laptop. MD...

  • The 4 Most Commonly Missed Endpoint Devices in Healthcare

    “Endpoint” is a term that seems to have a variable definition in many of today’s organizations. Like the name itself suggests an endpoint is simply any connected device capable of processing,...

  • Building and Maintaining an Effective Compliance Program with Limited Resources

    It is often said an effective compliance program is difficult to measure, but experienced compliance professionals “know it when they see it”. This is not much comfort to many compliance...

  • Learning The Basics of Biomedical Security…From Ebola

    Public Health In 2014 and 2015, the world faced a major health crisis when individuals throughout the world were being exposed to the Ebola virus. Because of the highly contagious nature of the...

  • Detecting and Protecting: Why Security Incidents Keep Surprising Us

    Why are we so bad at detecting and protecting against security incidents? Attackers need only find a single flaw that will allow them to gain entry to a system. Those that protect them, on the...

  • Emerging Security Threats: Keeping Your Healthcare Organization Protected

    David Finn was recently interviewed by Maureen McKinney at Phreesia about emerging security threats and keeping your healthcare organization protected. Below is the full interview. Maureen: David,...

  • Five Best Practices to Improve Your Third-Party Vendor Risk Management Program

    Each third-party vendor relationship comes with a selection of risks that must be recognized in time. These third-party vendor risks are usually multi-dimensional because they extend across other...

  • Eight Top Misconceptions About Managed Print Services

    Managed Print Services (MPS) has been around for a long time and there seems to be as many approaches to Managed Print Services as there are definitions of Managed Print Services. It has always...

  • OCR Says Gap Analysis Does Not Meet HIPAA Requirements

    The HHS Office for Civil Rights (OCR) has issued guidance stating that performing a gap analysis of an information system’s safeguards is not enough to meet the minimum requirements...
