BLOG

CISA Publishes Cyber Performance Goals for Healthcare

What does it mean to win at cyber risk management? Succeeding in cybersecurity and risk management is not about stopping a single attack or checking a box for compliance or security control implementation accomplishments. It is not about climbing a mountain, planting a flag, and declaring victory. Instead, cyber risk management is a dynamic game where the rules, adversaries, and tactics are constantly changing and evolving. Cyber risk management has become the ultimate endurance sport that requires relentless conditioning, practice, teamwork, and assembling the right equipment, leaders, and gameplan to prevail day in and day out. This blog post provides a playbook for assembling elite healthcare cybersecurity and risk management programs that are built to endure and dominate the game we have all suited up to play. Read More

Cyber Risk Management: The Ultimate Endurance Sport

What does it mean to win at cyber risk management? Succeeding in cybersecurity and risk management is not about stopping a single attack or checking a box for compliance or security control implementation accomplishments. It is not about climbing a mountain, planting a flag, and declaring victory. Instead, cyber risk management is a dynamic game where the rules, adversaries, and tactics are constantly changing and evolving. Cyber risk management has become the ultimate endurance sport that requires relentless conditioning, practice, teamwork, and assembling the right equipment, leaders, and gameplan to prevail day in and day out. This blog post provides a playbook for assembling elite healthcare cybersecurity and risk management programs that are built to endure and dominate the game we have all suited up to play. Read More

HIPAA Risk Analysis, Risk Assessment, & Evaluation: Is There a Difference?

We hear the terms risk assessment, risk analysis, and evaluation used routinely in healthcare settings, often in the context of HIPAA compliance. The big question: is there a material difference between these terms from a HIPAA regulatory perspective? Answering this question correctly is critical to maintaining HIPAA compliance and staying out of hot water with regulators. Many organizations that have misunderstood and misapplied these terms have ended up facing multi-million-dollar settlements with the Office for Civil Rights (OCR) for failure to comply with the HIPAA Security Rule. Read More

New NIST Guidance on Compliance with the HIPAA Security Rule

NIST has released new guidance for covered entities to comply with the HIPAA Security Rule. The publication is titled: "Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide". This blog post provides a summary of key points in the new NIST publication alongside Meditology’s analysis and further recommendations in support of NIST’s guidance. Read More

Hospitals Sharing PHI with Facebook: HIPAA Analysis & Recommendations

Much like volunteer firefighters, healthcare entities must invest in developing, testing, and updating emergency response plans and procedures to maintain a constant state of readiness for these inevitable attacks. The good news is that the public and private sectors have been releasing industry guidance and tools at an unprecedented pace to support incident response programs for healthcare entities. There is no need for healthcare CISOs to reinvent the wheel with these standards and best practices that are applicable to all cybersecurity programs. Read More

Fighting Cyber Fires: Cybersecurity Incident Response Checklist for Hospitals

Much like volunteer firefighters, healthcare entities must invest in developing, testing, and updating emergency response plans and procedures to maintain a constant state of readiness for these inevitable attacks. The good news is that the public and private sectors have been releasing industry guidance and tools at an unprecedented pace to support incident response programs for healthcare entities. There is no need for healthcare CISOs to reinvent the wheel with these standards and best practices that are applicable to all cybersecurity programs. Read More