Healthcare Security Risk Assessment & HIPAA Security Risk Analysis FAQs

Are you able to answer these questions about your security risk assessment process? Is a security risk assessment the same as a HIPAA security risk analysis? Does my organization need to assess every individual asset in our environment as part of a security risk assessment? Does a security certification like SOC 2 Type II, HITRUST CSF, or ISO count as a security risk assessment? Is a penetration test required for a security risk assessment? Is a HIPAA compliance review or gap assessment the same as a HIPAA Security Risk Analysis? Check out our security risk assessment FAQ to answer these and other related questions. Read More

Take a Pen Test Pill: Inoculation for Ransomware

Ransomware attacks seem to have no end in sight. Many healthcare security leaders are seeing their friends and peer organizations get infected, their vendors are getting infected and spreading ransomware across the supply chain, and it seems like only a matter of time until everyone gets hit. A great deal of attention and energy is appropriately being spent on preparing for ransomware infections and response activities, but isn’t there some way we can prevent or reduce the likelihood of infection in the first place? Read More

Healthcare Virtual CISO Success Factors

The talent shortage in cybersecurity has reached critical levels and healthcare organizations are struggling to find and retain qualified personnel. Our team here at Meditology has seen a significant uptick in placing our virtual CISO (vCISO), CISO as a Service, and Staff Augmentation resources out at clients who are struggling to find, place, and train the cyber talent. This blog post provides a collection of best practices for establishing a world-class cybersecurity program using virtual or traditional security staffing models. Read More

HITRUST Releases Version 9.5 | Implications for Healthcare Organizations

One of the many, many things we’ve learned over the last year or more of living and working through a pandemic, is that cybersecurity needs to evolve with the changing threat landscape. Likewise, the regulatory landscape and the security related frameworks we rely upon must attempt to keep pace. HITRUST is no exception as they seek to constantly evolve and update the HITRUST CSF, certifications, and processes. Read More

White House and FDA Launch New Medical Device Security Plan

The FDA has announced a plan to improve cybersecurity practices for medical devices in response to the White House’s effort to bolster cybersecurity across the supply chain. Kevin Fu, acting director of medical device cybersecurity at the FDA’s Center for Devices and Radiological Health, has warned of cyber-attacks not just affecting technology that stores and processes data, but also affecting technology directly responsible for patient health. Read More

The Impact of New PCI DSS v4.0 Requirements for Healthcare

The PCI Security Standards Council has announced detailed timelines for the release of the much-anticipated PCI DSS version 4.0. Due to the scale and extent of the changes, the council is now targeting Q2 2022 for formal publication of the new framework. This blog post provides additional details about the timing of version 4.0 and its implications for healthcare entities. Read More

Healthcare CISOs Sound Off, Volume 3: HIPAA Compliance and Risk Management

The CyberPHIx is an audio podcast series that presents expert viewpoints on data security strategies for organizations handling patient health or personal information in the delivery of health-related services. Volume 3 of our "Healthcare CISOs Sound Off" blog series will address HIPAA compliance as part of a larger risk management program. This blog compiles quotes and recordings from some of the industry’s best and brightest leaders related to this important area of focus for healthcare risk management programs. Read More

Healthcare CISOs Sound Off, Volume 2: Risk Reporting & Engaging with the Business

The CyberPHIx podcast is a quick source for keeping up with the latest cybersecurity news, trends and industry leading practices, specifically for the healthcare industry. For those who don’t quite have the time to binge-listen through the entire catalog, we have compiled some highlights from our guests on a focused set of topics. We will be releasing these as our "Healthcare CISOs Sound Off" blog series in several installments. The topic of our second blog is risk reporting and engaging with the business. Read More