Healthcare Breach Trends: Analysis of the 2020 IBM & Ponemon Data Breach Report

Healthcare has once again topped the list of the highest average breach cost per industry segment according to the 2020 IBM Cost of a Data Breach Report. The perennial data breach report is in its 15th year and is once again administered by the highly regarded Ponemon Institute. Healthcare has been the top cost sector for breaches for the last 10 years running, peaking at $10m per breach in 2018 and leveling back to $7.13m this year. Healthcare remains atop the costliest sectors for breaches, followed closely by the Energy and Financial Services industries.

Enterprise Risk Reporting: The Healthcare CISO’s Achilles Heel

Information security leaders and risk management teams for healthcare entities have struggled to update their reporting models to keep pace with the increasing variety and complexity of risks facing the modern healthcare ecosystem. The inability to effectively communicate meaningful security metrics that drive informed risk decisions from the business has become the Achilles heel for many healthcare CISOs.

HITRUST Certification FAQs

This blog article is recommended for any organizations that are considering pursuing HITRUST certification, recertification, or alignment with HITRUST CSF security control requirements. HITRUST stands for the Health Information Trust Alliance. HITRUST is a non-profit organization that created and maintains the HITRUST Common Security Framework ("CSF") and HITRUST Assurance Program. HITRUST was developed specifically for the healthcare industry and provides a framework for organizations to comply with various regulations and standards based on the organization's size, types of systems deployed, and applicable regulatory requirements.

OCR Presents: 2019-2020 Year in Review

I recently had the opportunity to deliver a presentation alongside leadership from the Office for Civil Rights (OCR) on the state of HIPAA Security Rule compliance and enforcement. The ability to get visibility into third-party data supply chains and their respective security and compliance postures will soon become the paramount mandate for information security programs. Effective healthcare security and compliance programs of the next decade must quickly adjust their orientation in 2020 towards the inspection and protection of downstream vendors and systems responsible for critical business functions.

HITRUST Assessment Scoping Changes

The HITRUST Alliance recently issued updates to the assessment scoping factor questions in MyCSF for HITRUST CSF Validated Assessments and HITRUST CSF Readiness Assessments. The change is designed to reduce the number of repeat requirement statements that are marked as “Not Applicable”. This blog article is recommended for any organizations that are currently pursuing HITRUST certification, recertification, or are considering aligning with HITRUST CSF security control requirements.

HITRUST COVID-19 Bridge Certifications Explained

The HITRUST Alliance recognizes that COVID-19 is creating extraordinary circumstances and that HITRUST CSF Certification holders may be unable to meet the deadline for renewing their certifications by the two-year anniversary date.

Surfing the Wave of New Privacy Regulations | California’s CCPA Explained

A wave of new state privacy regulations has healthcare entities scrambling to stand up programs to address patient information protections. On the heels of the ground-breaking General Data Protection Regulation (GDPR) mandates out of the EU, U.S. regulators in over 20 states are starting to incorporate privacy controls through new and proposed legislation. One of the most prominent and comprehensive new privacy laws is the California Consumer Privacy Act (CCPA). This blog post provides a quick summary of the CCPA law and its implications for healthcare entities.