Winds of Change: SOC 2 & Securing the Supply Chain

Groundbreaking cyberattacks against third-party vendors that support the healthcare ecosystem have begun to threaten patient safety and fundamental business operations for healthcare organizations. As a result, cybersecurity certifications like SOC 2 are fast becoming a mandate for vendors that participate in the healthcare supply chain.

How to Strengthen Your Security Program

Health systems are experiencing a barrage of cybersecurity attacks. Establishing a strong security program is paramount to thwart bad actors’ plans of gaining access to critical data and systems. The majority of health systems have a security program in place, but programs will continually need to be strengthened and refined. What can health systems proactively do to continually enhance their security programs? KLAS reached out to five healthcare-focused cybersecurity firms and asked: “What can health systems do today to avoid pitfalls and gaps in their security programs?”

New HITECH Amendment Provides HIPAA Safe Harbor for HITRUST Adoption

On January 5, 2021, the President signed bill HR 7898 into law, which amends the HITECH Act to require the Department of Health and Human Services and OCR to recognize and promote best practice security for meeting HIPAA requirements. Specifically, the new law incentivizes covered entities and business associates to adopt industry best practices, including HITRUST CSF certification and NIST CSF standards.

When Clouds Collide: Mitigating Federated Identity Attacks

The NSA has issued a cybersecurity advisory for cloud attack techniques currently in use by malicious actors that abuse federated identity trust models. This approach allows attackers to jump across cloud-hosted platforms undetected and move from less-protected environments to more sensitive cloud applications like Microsoft Office 365 email.

Massive SolarWinds Breach Exposes Supply Chain Risks

A groundbreaking cyberattack against the Texas-based IT network solutions provider SolarWinds has resulted in unauthorized access to a wide range of government and private sector organizations. The extent, scale, and impact of the attack are still being assessed; however, initial indications are that the attack will have lasting security impacts for months and possibly years to come for organizations, including healthcare entities.

Buckle Up for Big Regulatory Shifts for HIPAA, HITECH, OCR, & CMS

The era of highly digitized healthcare is upon us. However, there remain multiple obstacles on the patient information superhighway that have been preventing health information transmission from reaching top speeds. That is all about to change due to a fleet of new regulations introduced for HIPAA, HITECH, OCR, and CMS that are scheduled to go into effect in 2021. Recent regulatory updates have been announced that are designed to side-step and remove several obstacles that have been impeding the sharing of patient information across the continuum of care.

Internet of Things Cybersecurity Improvement Act of 2020

Congress passed the Internet of Things Cybersecurity Improvement Act of 2019 on November 17, 2020. The new law is several years in the making and provides a welcome and much-needed step forward for securing the growing network of unmanaged endpoint devices employed by healthcare and other industries. The bill promptly cleared the Senate by unanimous consent, and the President signed it into law on December 4, 2020.

The FDA’s New Medical Device Development Tools (MDDT) Program

The US Food and Drug Administration (FDA) announced a new Medical Device Development Tools (MDDT) program on October 20, 2020. The MDDT includes information security evaluation criteria for assigning risk ratings to medical device security vulnerabilities. This blog post provides a summary of the FDA’s MDDT program and its applicability for supporting medical device security programs at healthcare delivery organizations.