BLOG

CISA Publishes Cyber Performance Goals for Healthcare

Cyber Risk Management: The Ultimate Endurance Sport

What does it mean to win at cyber risk management? Succeeding in cybersecurity and risk management is not about stopping a single attack or checking a box for compliance or security control implementation accomplishments. It is not about climbing a mountain, planting a flag, and declaring victory. Instead, cyber risk management is a dynamic game where the rules, adversaries, and tactics are constantly changing and evolving. Cyber risk management has become the ultimate endurance sport that requires relentless conditioning, practice, teamwork, and assembling the right equipment, leaders, and gameplan to prevail day in and day out. This blog post provides a playbook for assembling elite healthcare cybersecurity and risk management programs that are built to endure and dominate the game we have all suited up to play.

Hospitals Sharing PHI with Facebook: HIPAA Analysis & Recommendations

Fighting Cyber Fires: Cybersecurity Incident Response Checklist for Hospitals

Much like volunteer firefighters, healthcare entities must invest in developing, testing, and updating emergency response plans and procedures to maintain a constant state of readiness for these inevitable attacks. The good news is that the public and private sectors have been releasing industry guidance and tools at an unprecedented pace to support incident response programs for healthcare entities. There is no need for healthcare CISOs to reinvent the wheel with these standards and best practices that are applicable to all cybersecurity programs.

HITRUST is Shaking Things Up: Details for the New HITRUST i1 Certification and bC Assessment

The demand for healthcare organizations to obtain some form of security certification is at an all-time high due to escalations in breaches across the healthcare industry and its supporting supply chain. HITRUST provides the most widely adopted security certification for healthcare entities with its flagship HITRUST CSF Validated certification. However, not all certifications are created equal, and the industry is outgrowing the one-size-fits-all certification model.