BLOG

How to Build a Resilient Third-Party Risk Management Program

In today’s interconnected healthcare landscape, managing third-party risk has become more crucial than ever. As healthcare organizations increasingly rely on external vendors for essential services, the risks associated with these third parties have skyrocketed. Recent incidents, such as the breaches involving Change Healthcare and Salesforce, have exposed sensitive patient data, disrupted services, and caused significant reputational and financial damage. These events underscore the severe consequences of inadequate third-party risk management and the necessity of a proactive approach to safeguarding your organization.

Cyber Risk Management: The Ultimate Olympic Challenge

In the world of cybersecurity and risk management, success isn’t a short sprint to the finish line. It's a marathon—a grueling Olympic event where the course is unpredictable, the competition is fierce, and the rules keep changing. Unlike a single victory lap, winning in this arena requires ongoing stamina, agility, and an ever-evolving strategy.

Global IT Outage Impacts Healthcare: What Happened?

A global CrowdStrike CSAgent outage began on July 18, 2024, at approximately 03:00 UTC. Following widespread reports of Windows system crashes (and some uncertainty about the cause), initial investigations by industry personnel and subsequently CrowdStrike's engineering team identified a critical issue in the latest software update, which inadvertently introduced a bug causing widespread service disruption.

Why Cybersecurity Checks are a Must Before Acquiring or Merging with Another Hospital

Merging with or acquiring another hospital can be an exciting step toward expanding your services and improving patient care. However, in today’s tech-centric world, with the rise in cyber threats targeting the healthcare sector, this process also brings potential risks. Conducting a thorough cybersecurity due diligence assessment is vital. Here’s why this step is so important.

URGENT SECURITY ALERT: MOVEit Vulnerability Identified

Meditology Services, your trusted partner in healthcare cybersecurity, is issuing an emergency alert for all healthcare organizations using MOVEit Transfer software. A security vulnerability potentially exposing sensitive information has recently been discovered.

HIPAA Compliance Audits

Our team at Meditology performs these assessments for both covered entities and business associates, no matter their size. Meditology uses the OCR’s audit protocol and can provide your organization with information about which HIPAA standards are partially- or non-compliant along with recommendations to bring those items into compliance. Our vast experience in healthcare allows us to tailor the recommendations to suit your organization’s needs and available resources.

Navigating the Cyber Storm: A Healthcare Cyber Leader's Guide to Communication and Expectation Management

Today’s cyber leader must exhibit a blend of technological acumen, strategic vision, and communicative prowess to lead effectively amidst what can only be described as a 'cyber storm'. This article will explore the expectations that confront cyber leaders within the healthcare domain, offering insights and strategies to thrive in this fast-evolving landscape.

SOC 2 + CIS Controls

Many of our clients inquire about incorporating other standards into their SOC 2 exam. A common standard that is industry agnostic is the Center for Internet Security’s Critical Security Controls (CIS Controls). The CIS Controls are a set of best practices you can use to ensure you have a strong cybersecurity process in place.