BLOG

NIST has released new guidance for covered entities to comply with the HIPAA Security Rule. The publication is titled: "Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide". This blog post provides a summary of key points in the new NIST publication alongside Meditology’s analysis and further recommendations in support of NIST’s guidance. Read More

Much like volunteer firefighters, healthcare entities must invest in developing, testing, and updating emergency response plans and procedures to maintain a constant state of readiness for these inevitable attacks. The good news is that the public and private sectors have been releasing industry guidance and tools at an unprecedented pace to support incident response programs for healthcare entities. There is no need for healthcare CISOs to reinvent the wheel with these standards and best practices that are applicable to all cybersecurity programs. Read More

Much like volunteer firefighters, healthcare entities must invest in developing, testing, and updating emergency response plans and procedures to maintain a constant state of readiness for these inevitable attacks. The good news is that the public and private sectors have been releasing industry guidance and tools at an unprecedented pace to support incident response programs for healthcare entities. There is no need for healthcare CISOs to reinvent the wheel with these standards and best practices that are applicable to all cybersecurity programs. Read More

Cyberattacks on healthcare entities have become the top source of cyber breaches in the last several years according to the Office for Civil Rights (OCR) public breach reporting database. Ransomware has become big business for cybercriminals targeting healthcare entities and their supporting vendor supply chain. Read More

The PCI Security Standards Council has released the much-anticipated PCI DSS version 4.0 this week. The update is several years in the making and includes significant control requirement overhauls. Healthcare organizations must update policies, procedures, and control requirements to maintain compliance with the new PCI v4.0 standard. This blog post provides details about the new requirements for PCI v4.0 and the timing for compliance for healthcare entities. Read More

Healthcare organizations are scrambling to adjust their cybersecurity preparation and response capabilities in the wake of potential cyberattacks stemming from the ongoing conflict between Russia and Ukraine. Meditology has been monitoring the situation closely and advising our healthcare clients on the latest threat vectors and response approaches. This blog post provides guidance for US-based healthcare entities for preparing and responding to cyberattacks and cyberwar tactics deployed as part of this ongoing conflict. Read More

Cyberattacks against healthcare organizations and their business associate vendors have begun to threaten patient safety and fundamental business operations. As a result, SOC 2 audit reports have become one of the most common and cost-effective vehicles for healthcare organizations to demonstrate adoption of controls relevant to security, availability, confidentiality, processing integrity and privacy. We have compiled these SOC 2 frequently asked questions to support healthcare organizations and vendors supporting the healthcare ecosystem that are looking to pursue SOC 2 examinations. Read More