Blog

  • Attacking Your Own Network: A Lesson on Penetration Testing for Healthcare

    On the Ides of March, or very close to it on March 7th, I will take the HIMSS 2018 stage with Chuck Kesler, CISO of Duke Health, talking to our fellow healthcare IT professionals about penetration...

  • Learn What We Found After Assessing Hundreds of Healthcare Organizations' Conformance with NIST CSF

  • What Can Be Done About Drug Diversion?

    A Growing Problem for Healthcare Organizations: The opioid crisis and drug addiction are not just among criminals. The issue is growing among all segments of the population including healthcare...

  • The Top Four Healthcare Cybersecurity Trends for 2018

    In order to explore the likely cybersecurity trends coming our way in 2018, we must first take a quick look back at 2017. Last year was a banner year in about as many ways as one can think of....

  • 2017 Workshop Recap

    2017 was an active year for healthcare IT professionals. 78% of healthcare providers experienced a ransomware or malware attack, and many of these attacks reinforced the fact that an attack can...

  • HIPAA Enforcement: 2017 Year in Review

    2017 will go down as a change year for Health Insurance Portability and Accountability Act (HIPAA) enforcement of the Privacy, Security, and Breach Notification Rules. This comes on the heels of...

  • Guide to Proactive Access Monitoring and Auditing Under the HIPAA Security Rule

    Monitoring and auditing of access to protected health information by many organizations is prompted by patient complaints or some other event triggering the need to conduct an investigation. This...

  • What is the NH-ISAC 90-Day DMARC Challenge?

    Healthcare organizations are more vulnerable to phishing attacks as the average maturity of security controls and training is less than that of other industries, such as banking. Successful...

  • Wi-Fi Has Vulnerability News, But Wireless Risks are Hardly New

    It’s likely that you’ve already heard about KRACK in the last few days. KRACK is a new and somewhat alarming vulnerability recently disclosed in the Wi-Fi Protected Access 2 (WPA2) wireless...

  • Recent Attacks Reveal New Supply Chain Vulnerabilities

    The NotPetya attack in late June 2017 spotlighted a new attack vector that has been successful in attacking specific domains. In the summer NotPetya Ransomware attack, the attackers successfully...

  • Printer and Multi-Function Device Security: Why Compliance and Privacy Officers Should Care

    Security of an organization’s printers and multi-function devices, as well as the data on those devices, is handled by the IT department, right? While this might be true, compliance and privacy...

  • How Has Information Security Changed in Healthcare & How Can We Keep improving?

    It has been almost two years since I started this incredible journey at CynergisTek and in healthcare. In that time, what I have found to be the most impressive is the amount of ongoing and...

  • OCR Says Desk Audits Rates Many HIPAA Efforts to be Inadequate or Worse

    The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) released preliminary results from Phase 2 of the HIPAA Audit Program. The data was drawn from limited scope desk...

  • Groundhog Day: The Cyclical Nature of InfoSec & How We Can Break the Cycle

    In the classic movie Groundhog Day, the main character played by Bill Murray finds himself trapped reliving the exact same day over and over again. In the film, he eventually decides to make the...

  • The Importance of Security and Disaster Recovery Plans

    Having a solid security plan is extremely important to build an effective information management program.

  • What Does a Cybersecurity Workforce Look Like?

    There is consensus agreement that threats that exploit vulnerabilities in the health care cyberinfrastructure grow and evolve at a breakneck pace. Organizations that take a holistic view in...

  • The Evolution of Disruption: How Ransomware Has Changed the Face of Disruption

    A History Lesson on Ransomware: The first known instance of what we now know as ransomware was seen in 1989. This first attempt was a poorly executed endeavor to extort $189 from the victims, but...

  • Business Associates, Ransomware and Breach Notifications: Why Covered Entities Must be Diligent

    The increase of ransomware attacks on healthcare entities and their business associates continues to be a significant concern. While covered entities (CE) have their own issues to deal with when...

  • What would a Petya attack on your organization or your BA mean?

    Petya, or NotPetya as some call it, has shown itself to either be very poorly thought out ransomware, or more likely a full on destructive malware attack thinly veiled as ransomware. In essence, a...

  • Why are hospitals challenged when hiring cybersecurity professionals?

    Hospital administrators are reporting challenges in hiring and retaining cybersecurity professionals needed to mitigate the new cyber threats. The issue is getting broad attention outside of...

  • Being a Person Does Not Mean You Understand People

    IT and InfoSec professionals have been playing catch up with users since the beginning of time (as long as you consider the first computer the beginning of time like I do). This is at least...
