Blog

Healthcare Breach Trends: Analysis of the 2020 IBM & Ponemon Data Breach Report

Healthcare has once again topped the list of the highest average breach cost per industry segment according to the 2020 IBM Cost of a Data Breach Report. The perennial data breach report is in its 15th year and is once again administered by the highly regarded Ponemon Institute. Healthcare has been the top cost sector for breaches for last 10 years running, peaking at $10m per breach in 2018 and leveling back to $7.13m this year. Healthcare remains atop the costliest sectors for breaches, followed closely by the Energy and Financial Services industries. Read More

Published On August 6, 2020

Enterprise Risk Reporting: The Healthcare CISO’s Achilles Heel

Information security leaders and risk management teams for healthcare entities have struggled to update their reporting models to keep pace with the increasing variety and complexity of risks facing the modern healthcare ecosystem. The inability to effectively communicate meaningful security metrics that drive informed risk decisions from the business has become the Achilles heel for many healthcare CISOs. Read More

Published On July 23, 2020

HITRUST Certification FAQs

This blog article is recommended for any organizations that are considering pursuing HITRUST certification, recertification, or alignment with HITRUST CSF security control requirements. HITRUST stands for the Health Information Trust Alliance. HITRUST is a non-profit organization that created and maintains the HITRUST Common Security Framework ("CSF") and HITRUST Assurance Program. HITRUST was developed specifically for the healthcare industry and provides a framework for organizations to comply with various regulations and standards based on the organization's size, types of systems deployed, and applicable regulatory requirements. Read More

Published On June 30, 2020

OCR Presents: 2019-2020 Year in Review

I recently had the opportunity to deliver a presentation alongside leadership from the Office for Civil Rights (OCR) on the state of HIPAA Security Rule compliance and enforcement. The ability to get visibility into third-party data supply chains and their respective security and compliance postures will soon become the paramount mandate for information security programs. Effective healthcare security and compliance programs of the next decade must quickly adjust their orientation in 2020 towards the inspection and protection of downstream vendors and systems responsible for critical business functions. Read More

Published On June 16, 2020

HITRUST Assessment Scoping Changes

The HITRUST Alliance recently issued updates to the assessment scoping factor questions in MyCSF for HITRUST CSF Validated Assessments and HITRUST CSF Readiness Assessments. The change is designed to reduce the number of repeat requirement statements that are marked as “Not Applicable”. This blog article is recommended for any organizations that are currently pursuing HITRUST certification, recertification, or are considering aligning with HITRUST CSF security control requirements. Read More

Published On June 9, 2020

HITRUST COVID-19 Bridge Certifications Explained

The HITRUST Alliance recognizes that COVID 19 is creating extraordinary circumstances and that HITRUST CSF Certification holders may be unable to meet the deadline for renewing their certifications by the two-year anniversary date. Read More

Published On April 27, 2020

The Show Must Go On | Maintaining Continuity for InfoSec in a Crisis

Take a deep breath, this is not your typical COVID-19 blog entry. We are going to talk about everything else we need to manage in Information Security during the crisis to keep the wheels on the bus as we make sharp turns at high speeds in response to the pandemic. Read More

Published On April 16, 2020

Surfing the Wave of New Privacy Regulations | California’s CCPA Explained

A wave of new state privacy regulations has healthcare entities scrambling to stand up programs to address patient information protections. On the heels of ground-breaking Global Data Protection Regulation (GDPR) mandates out the EU, U.S. regulators in over 20 states are starting to incorporate privacy controls including new and proposed legislation. One of the most prominent and comprehensive new privacy laws is the California Consumer Privacy Act (CCPA). This blog post provides a quick summary of the CCPA law and implications for healthcare entities. Read More

Published On March 23, 2020

Healthcare Breach Trends: Analysis of the 2020 IBM & Ponemon Data Breach Report

Enterprise Risk Reporting: The Healthcare CISO’s Achilles Heel

HITRUST Certification FAQs

OCR Presents: 2019-2020 Year in Review

HITRUST Assessment Scoping Changes

HITRUST COVID-19 Bridge Certifications Explained

The Show Must Go On | Maintaining Continuity for InfoSec in a Crisis

Surfing the Wave of New Privacy Regulations | California’s CCPA Explained

Featured Blog Posts

Cloud Security Risk Assessments Instrumental in Transforming Healthcare Organizations’ Cloud Security Posture

Strengthening Medical Device Resiliency and Supply Chain Risk Preparedness in Clinical Settings

How to Build a Resilient Third-Party Risk Management Program

Cyber Risk Management: The Ultimate Olympic Challenge

Find the right RITHM for you.