BLOG

A New Ransom: Hackers Say Pay Up or We Will Release Your Data

A recent publication from KrebsOnSecurity highlights an alarming shift in cybercriminals approach to getting paid for successful ransomware infections. Operators of the new strain of Maze ransomware are starting to release sensitive information of ransomware victims that fail to pay up. Healthcare entities subject to strict HIPAA breach notification requirements may end up with a double-whammy of inaccessible Electronic Health Records and regulatory compliance action. Read More

The Impact of OCR’s New HIPAA Penalty Limits

A new structure for HIPAA violation Civil Monetary Penalties (CMP) was announced by the OCR on April 26, 2019. This change greatly reduces the financial risk of HIPAA breach violations for covered entities that can demonstrate updated security risk management plans, policies and procedures for sensitive patient data. Read More

Bursting at the Seams: Security Audit Response Overload

Every pipeline has a capacity limit. Problems begin when the flow is clogged or overwhelmed. First as a small leak, then a rupture occurs where the whole pipeline is in jeopardy. Only we are not talking about fluids drowning us, it is the increasing volume of Healthcare Security Audits. How can businesses meet the security demands of healthcare clients and provide meaningful and timely responses to their security audit questionnaires? Read More

You Are Here. Mapping Out A Path to Security Program Maturity

While many healthcare entities have addressed some fundamental information security capabilities, our industry is still regarded in many ways as lagging behind other industries that are popular targets of data predators. Healthcare CISOs are grappling with the next phase of security risk management: How to move from inception to growth, maturity and ultimately a robust, proactive security environment that can meaningfully address the complexity and dynamic nature of our industry. Read More

Privacy Data Breaches | The Importance of Assessing Business Associate Privacy Controls

It’s a typical Monday. An inbox full of emails, a calendar full of appointments and a fresh cup of coffee nearby. The phone rings and it’s a patient calling to a report a possible inappropriate disclosure of their information. The patient’s mother is irate that a sensitive diagnosis was revealed in child support discussions. She is certain that the information came from your hospital. After calming the caller, you start your investigation and quickly find out that the breach was likely caused by an employee of your population health vendor. Read More

Caught in a Spider’s Web | A Fly-By View of Healthcare Data Security Vulnerabilities

Just as a spider spins a web to catch unsuspecting insects, cybercriminals spin clever traps to capture patient data from healthcare organizations. Healthcare security executives must work on evolving their data security programs to avoid being caught in a dangerous web that can threaten patient health, security and privacy. Discover how your organization can evolve into a more secure entity designed to protect against current and emerging threats in the healthcare ecosystem. Read More

The Evolving Landscape of Breach Notification Laws

GDPR has been a real game changer and has raised the bar when it comes to data breach notification and protecting personal data privacy. Following in the footsteps of the GDPR, the U.S. has seen several states issue significant changes concerning their data breach notification laws. This blog elaborates on new and upcoming breach notification laws. Read More

The Dynamic Duo of HITRUST and SOC 2 Certifications

There is a dynamic duo in healthcare data security assurance: HITRUST CSF certification and SOC 2 attestation. Aligning your data security program with healthcare standards contained in HITRUST CSF and the SOC 2 attestation can bring numerous benefits. Pursuing these together in a full-scale security initiative offers an efficient approach to securing healthcare data. Read More