Healthcare CISOs Sound Off, Volume 3: HIPAA Compliance and Risk Management

The CyberPHIx is an audio podcast series that presents expert viewpoints on data security strategies for organizations handling patient health or personal information in the delivery of health-related services. Volume 3 of our "Healthcare CISOs Sound Off" blog series will address HIPAA compliance as part of a larger risk management program. This blog compiles quotes and recordings from some of the industry’s best and brightest leaders related to this important area of focus for healthcare risk management programs. Read More

Healthcare CISOs Sound Off, Volume 2: Risk Reporting & Engaging with the Business

The CyberPHIx podcast is a quick source for keeping up with the latest cybersecurity news, trends and industry leading practices, specifically for the healthcare industry. For those who don’t quite have the time to binge-listen through the entire catalog, we have compiled some highlights from our guests on a focused set of topics. We will be releasing these as our "Healthcare CISOs Sound Off" blog series in several installments. The topic of our second blog is risk reporting and engaging with the business. Read More

Healthcare CISOs Sound Off, Volume 1: Medical Device Security

I have been hosting The CyberPHIx for over three years now. During that time, I have had the honor and privilege to speak with some of the healthcare industry’s most innovative thought leaders and experts in cybersecurity, privacy, compliance, and risk. For those who don’t quite have the time to binge-listen through the entire catalog, we have compiled some highlights from our guests on a focused set of topics. We will be releasing these as our "Healthcare CISOs Sound Off" blog series in several installments. The topic for our first blog is Medical Device Security. Read More

New HITRUST Reservation System for Scheduling Quality Assurance of Validated Assessments

On April 15th 2021, HITRUST® announced a new reservation system for scheduling quality assurance for validated assessments. For all validated assessments submitted on or before June 30th 2021, HITRUST will continue to process on a first come, first served basis. Any assessments that will be submitted on or after July 1st 2021, will require Assessed Entities to schedule the start of quality assurance (QA) procedures within the HITRUST MyCSF® platform. Read More

How Hackers Hold Hospitals, and Your Health, for Ransom | WebMD

Article by Paul Frysh, WebMD | Brian Selfridge knew his time was up. From his perch in a locked conference room with the blinds half closed, he could see two members of the hospital IT team rounding the corner with what looked like a clear sense of purpose. He suppressed a smile as he watched the pair running circles around each other. One of them -- brow furrowed, eyes buried in an open laptop -- walked right past his room, saying, "He's right here! He's got to be!" Read More

HIPAA Risk Analysis Fundamentals: Industry Tested, OCR Approved

Risk analysis is one of four required implementation specifications in the Security Management Process section of the HIPAA Security Rule. The rule requires covered entities to “[c]onduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the [organization].” Too often, we see healthcare organizations missing the mark on aligning with the Risk Analysis requirements as defined in the HIPAA Security Rule and running afoul of OCR and regulators in the process. Read More

Healthcare's Microsoft Exchange Critical Exposure

Over 30,000 organizations, including healthcare entities, have been infiltrated by a Chinese-affiliated espionage group via zero-day vulnerabilities in Microsoft Exchange email servers. The attack has wide-ranging impacts for healthcare organizations, a majority of which use Microsoft to provide email services. This blog article provides an overview of the Microsoft Exchange breach, its origins, and the latest recommendations for mitigation from Microsoft, the CISA, and Meditology’s technical security and ethical hacking experts. Read More

Winds of Change: SOC 2 & Securing the Supply Chain

Groundbreaking cyberattacks against third-party vendors that support the healthcare ecosystem have begun to threaten patient safety and fundamental business operations for healthcare organizations. As a result, cybersecurity certifications like SOC 2 are fast becoming a mandate for vendors that participate in the healthcare supply chain. Read More