August 10, 2022

How to build an Incident Response Team 2022

[4 min read] Updated for 2022 - Includes 11 Tips for Building your Incident Response Team As the rate of data breaches is on the rise it is no...
August 2, 2022

Forbes: How to Navigate the Top Risk and Security Trends of 2022

[3 min read] Forbes Q&A with Grant Elliott, co-founder, CEO, and Chairman of Ostendio This is an excerpt from an article that appeared in Forbes on...
July 7, 2022

3 Steps to Start your Third-Party Risk Management Program

[4 min read] As supply chains become more complex, third-party and vendor data breaches have increasingly become one of the most significant threats...
May 10, 2022

7 reasons a traditional GRC tool is not enough

[5 min read] To the busy CISO, it might seem like implementing a GRC (Governance, Risk and Compliance) tool will be an easy way to create and manage...
May 9, 2022

The Rise and Fall of SOC 2 audits

[5 min read] Is the AICPA asleep at the wheel? More and more tech companies are seeking to demonstrate their security posture by undertaking a SOC 2...
April 25, 2022

3 Vendor Risk Management challenges and how to solve them

[5 min read] Vendor Risk management is a hot topic especially when you realize that many of the most high-profile data breaches are due to vendors or...
April 5, 2022

3 Steps to Establishing a Vendor Risk Management Program

[4 min read] Why vendors may be the biggest security risk to your organization Of the companies that experienced a data breach in 2021, over 90% of...
March 9, 2022

Why The Location of Data is Critical to Data Security and Risk Management

[3 min read] It is amazing to think about how much data we all create these days. With so many employees working remotely, and the rise in the number...
February 23, 2022

Who owns data?

[4 min read] Data ownership is a complicated topic, much more complicated than most might think. We often talk about data security in possessive...
February 7, 2022

Do you know where your data is?

[5 min read] And who has access to it? When I talk to CEOs and security professionals about data security, the one question that continually trips...
January 19, 2022

The evolving landscape of Integrated Risk Management

[5 min read] If you are involved with, or interested in, the data security world then no doubt you have heard many definitions of integrated risk...
December 3, 2021

How to Prepare for a SOC 2 Audit

[4 min read] Security standards, reports, and certifications are becoming essential for vendors and technology firms. Certifications, such as SOC 2,...
November 17, 2021

Understanding the science of risk management

[4 min read] Risk management is not well understood. Often there is confusion between risk management and risk assessment, and added to that...
October 27, 2021

How Ostendio Found its Purpose

[4 min read] I had not heard the term “Mission Corp” until earlier this year. It came up when I was interviewing someone for a role at Ostendio and,...
October 27, 2021

Prioritizing Cybersecurity in a Hybrid Workplace

[3 min read] This blog is the last in a series from the National Cybersecurity Alliance in support of Cybersecurity Awareness Month 2021. Ostendio is...
October 21, 2021

Why You Should Consider a Cyber Career

[2 min read] Ostendio is proud to be a 2021 Cybersecurity Awareness Month Champion. This blog is part of a series from the National Cybersecurity...
October 12, 2021

3 Fundamentals for Shoring Up Phishing Defenses

[3 min read] Ostendio is proud to be a 2021 Cybersecurity Awareness Month Champion. This blog is part of a series from the National Cybersecurity...
October 1, 2021

Ostendio is a Cybersecurity Awareness Month Champion 2021

[4 min read] Every October we raise awareness about Cybersecurity together with the National Cybersecurity Alliance. Their series of blog posts for...
September 23, 2021

Embracing a Data Driven approach to Risk Management is the key to success

[4 min read] We all know how hectic the life of a CISO can be regardless of the size of business they support or the industry they are involved in. ...
September 9, 2021

5 Most Common Vendor Risk Management Mistakes and how to avoid them

[4 min read] When it comes to managing risk, companies often overlook their vendors. But Vendor Risk Management should be an integral element of any...
August 3, 2021

Remote vs Hybrid Work and the Real Cybersecurity Risk

[4 min read] We are at a turning point as companies are deciding what to do about returning to the office after the pandemic. As many schools prepare...
July 29, 2021

3 Steps to Improve Your Company's Security Posture

[4 min read] Late last year we wrote a blog that looked at Risk Management and Data Security and suggested what you might do differently as we headed...
July 16, 2021

How to avoid a Kaseya-type attack

[4 min read] There’s one thing that you can count on in the news right now and that’s another report of a data breach or ransomware attack. They seem...
July 13, 2021

Why preparing for a SOC audit takes more than 2 weeks

[4 min read] Have you ever wished you could run a marathon? I have run a few and I can tell you it is hard work and takes a lot of training just to...
June 23, 2021


[3 min read] Many organizations know that they need to operate in line with HIPAA to protect sensitive data but they have also heard about HITRUST...
June 22, 2021

What is the difference between risk management and risk assessment?

[4 min read] I have learned over my time working in the cybersecurity space that for many people and business leaders there is a lot of confusion...
June 16, 2021

Security Audit: An Auditor's View

[4 min read] Security Audits can improve your organizational efficiency and data security When it comes to conducting audits there are multiple...
May 26, 2021

Easing the top 3 pain points of security audits

[4 min read] Daunting. That’s the word we hear the most from customers when it comes to thinking about completing a security audit. Time, money and...
May 24, 2021

What is regulatory compliance?

[5 min read] Customers see a lot of confusing terms when they are looking at building a security program. Terms such as “regulatory compliance”,...
May 5, 2021

3 trends for safely managing security and risk in 2021

[4 min read] We talked previously about the type of cybersecurity and risk management challenges to expect in 2021, but the trends driving these...
April 15, 2021

What is a SOC report?

[4 min read] SOC reports simplified with our top 10 questions and answers One of the most popular frameworks we get questions about is the SOC 2...
March 31, 2021

Are you dissatisfied with your GRC platform?

[4 min read] 5 Key features you need that a traditional GRC provider doesn’t offer When we talk to customers, prospects and even audit partners, they...
March 25, 2021

Hint Health Benefits from Multiple Security Standards

[4 min read] Hint Health is a technology enabled Direct Primary Care (DPC) solutions company that partners with visionary provider organizations to...
March 11, 2021

Why is Vendor Risk Management a 'tick the box' process for most companies?

[5 min read] There is much confusion around Vendor Risk Management (VRM), what it is and how to handle it properly for all sizes of business. Too...
February 4, 2021

Arklign builds an always-on approach to security

[4 min read] If you come from the tech-centric world of Tesla and Apple and enter the world of dental labs where orders are sent by paper, phone or...
January 21, 2021

How will the healthcare industry deal with data in 2021?

[4 min read] The role of information technology has infiltrated the day to day mechanics of all industries, especially healthcare. Information...
January 8, 2021

Cybersecurity challenges for 2021 - moving beyond the audit

[4 min read] A recent article in SecureWorld “Lessons from 2020, and what to expect in 2021: An evolutionary time in cyber and privacy” looks back at...
December 22, 2020

The most important lessons to take away from the SolarWinds hack

[5 min read] The data breach involving FireEye and SolarWinds was shocking. As the leader of a cybersecurity platform company, a significant breach...
December 16, 2020

Risk Management and Data Security: Do these things differently in 2021

[5 min read] 2020 was undoubtedly a shock to the system, shaking up everyone’s personal and business life. At Ostendio we transitioned quickly to a...
November 19, 2020

Making SOC 2 audits simple

Are you feeling a little overwhelmed at the thought of a security audit? Have you heard the SOC 2 name mentioned in meetings but don’t understand...
October 29, 2020

Cybersecurity and the 2020 Election

The election news cycle is in full swing as we near the big day on November 3rd. Regardless of how you vote, at Ostendio we encourage all employees...
October 15, 2020

A guide to optimizing your existing security program

Many larger companies, and some medium sized companies, have a focused CISO with a great IT team who have all worked hard to establish a data...
October 1, 2020

Cybersecurity Awareness Month 2020

Thinking about cybersecurity is a full time, 365 day-a-year job at Ostendio but for many it comes to mind most during October when the National...
September 17, 2020

You passed your security audit...what’s next?

If you’ve recently built a data security and risk management program and passed a security audit, you’ve accomplished more than many organizations. ...
September 11, 2020

Worried your business is too small for an effective cybersecurity program?

The first step in any process is often the hardest. Realizing that you need to take action is just the beginning, deciding what action to take is...
September 3, 2020

How great Customer Service can benefit your business

As a CISO, you’ve spent time deciding on the best platform to suit your data security and risk management needs and you are ready for the...
August 27, 2020

The value of bringing in experts during an audit

When it is time to prepare for your first audit you might be filled with dread. How are you going to get through the audit? Will your employees or...
August 20, 2020

How to run a successful data security program

It feels great to get to the point where you have built a cybersecurity program for your business. As a CISO you got the executive buy-in, everyone...
August 14, 2020

How to Build a Comprehensive Cybersecurity Program

Even before the COVID-19 pandemic took hold, too many organizations were not looking at a broad enough approach to cybersecurity as they evaluated...
August 6, 2020

Twitter breach highlights why IT-centric security programs are insufficient

We might not be surprised when we read about another data breach but it does turn heads when it is a well-known brand like Twitter. Recent reports...
July 30, 2020

How Data Sets You Free (and Keeps You Safe)

The typical company significantly under invests in cyber security, a situation that is likely to be exacerbated as companies look to cut expenses...
July 23, 2020

The Future Of Operational Risk Management

Security and Risk Management can be complicated. Predicting what might happen to your business and preparing to protect and mitigate against those...
July 14, 2020

MyVCM CrossWalk Assessment shows increase in drive for multiple security standards

We have learnt a lot in the last year since we launched the successful MyVCM CrossWalk Assessment feature, an addition to the industry leading...
July 2, 2020

Are you ready for CCPA enforcement? Six steps to take right now

The California Consumer Privacy Act (CCPA) went into effect on January 1st 2020 but there are stages to its enforcement and we are about to hit...
June 25, 2020

One year in: MyVCM CrossWalk Assessments has changed the way we approach security audits

It is hard to believe it has been a year since we launched MyVCM CrossWalk Assessments. This new feature radically changed the way companies...
June 11, 2020

Renewing your SOC 2 could be easier than you think!

Security certifications are a must for vendors and technology firms. Many organizations choose SOC 2 as a way of demonstrating effective risk...
May 28, 2020

5 ways to save money by rethinking your Data Security approach

CIOs have mostly ridden out the remote work surge caused by COVID-19. The employees who can work remotely are now safely settled in their home...
May 21, 2020

GDPR 2 years on- what happened to all the hype?

May 2020 marks the second year that GDPR has been in effect and we have already seen some significant fines totalling over $126 million. Google has...
May 13, 2020

How SOC audits help businesses during uncertain times

How is your business showing compliance to operational and business risks during these uncertain times? Many companies turn to the popular SOC report...
May 7, 2020

Business Efficiency: the hidden benefit of an information security program

During these difficult times it is understandable that organizations may be looking for creative ways to cut costs or gain efficiency. While...
April 29, 2020

How can a Risk Management platform support your business during a crisis?

We are all getting used to our new “normal” but many businesses, both big and small, have been caught off-guard by the COVID-19 crisis. Having to...
April 17, 2020

Using Risk Management strategies to help us effectively Socially Distance

As we start to adapt to our new quarantined life, one of the things that has struck me is how different people have benchmarked what they constitute...
April 10, 2020

Is Zoom just the tip of the iceberg?

From the recently announced privacy issues being investigated by the New York Attorney General at Zoom, all the way back to the Zenefits scandal in...
March 26, 2020

7 Tips to Reduce Risk Stemming from Remote Work

If you have a team working remotely due to the COVID-19 virus you are obviously not alone as we adjust to this new normal way of work. At present, 1...
March 19, 2020

5 Biggest Mistakes Companies Make in Vendor Risk Management -- and how to avoid them

Vendor Risk Management is a hot topic at the moment and for good reason. A recent study by the Ponemon Institute showed 59% of companies have...
March 3, 2020

Top 5 Questions (and answers) about Vendor Risk Management

If you missed our recent webinar “Re-thinking Vendor Risk Management” you can listen to it free and on-demand here. In the webinar we talked about...
February 25, 2020

Checking in on HIPAA in 2020

What do you need to know about HIPAA in 2020? This year, the changes are not so much about HIPAA itself, but about things that directly affect how...
January 28, 2020

Top 10 Considerations for GRC Software Tools

When we talk to customers, prospects, and even audit partners, they are often overwhelmed with the choices they have for GRC tools. There is a lot...
January 27, 2020

Super Bowl Fever at Ostendio - Football and Security have more in common than you might think!

We are huge football fans at Ostendio! Even though we spend our days helping customers with their cybersecurity challenges, many of us also...
January 15, 2020

Why Integrated Risk Management is Becoming the Preferred Approach to Data Security

There’s an inherent risk to doing business, particularly business that touches personal data. For years now, the business community – from healthcare...
January 7, 2020

Cybersecurity Predictions 2020: CCPA Leads in a year of oversight and regulation!

The start of a decade is always an exciting time. When you think about how technology has changed in the last 10 years you can only imagine what...
January 7, 2020

8 Highlights of Ostendio’s Success in 2019

2019 was an incredible year of growth for Ostendio. We continue to ramp up our business while working hard every day to deliver on our promises to...
December 17, 2019

Our Top 5 Most Popular Security, Audit and Risk Management Webinars of 2019

Webinars are some of our most popular content on the Ostendio web site. Across 2019 we hosted a series of webinars that combined best practices and...
December 2, 2019

5 Must-Read Ostendio Blog Posts of 2019

We’ve had an incredible year of growth at Ostendio and, as our company has grown, so has our blog readership. At the end of every year, we revisit...
November 26, 2019

The 10 Step Process for Building an Incident Response Team

We are all used to doing regular fire drills at the office or at school, and we accept the benefits of having defined roles and responsibilities...
November 19, 2019

5 Mistakes Companies Make in the Security Audit Process

It’s easy to make mistakes. We’ve all done it. Maybe you’ve put the milk in the cupboard and the cereal in the fridge this morning! These things...
November 5, 2019

Easing the Pain of Security Audits with MyVCM Auditor Connect

Today we announced an exciting new addition to the Ostendio MyVCM platform - MyVCM Auditor Connect. You can read the press release here, but I...
October 31, 2019

What Anyone in Healthcare Needs to Know about Data Breaches

There is no single industry with greater sensitivity to data breaches than healthcare. But unfortunately, breaches across healthcare companies,...
October 18, 2019

How to Stay Safe Online with National Cybersecurity Awareness Month (NCSAM)

Ostendio is a champion of National Cybersecurity Awareness Month (NCSAM) which is observed every October. This month of awareness was created as a...
October 11, 2019

Why do auditors need to remain independent?

Recent news that PwC (PricewaterhouseCoopers LLP) has agreed to pay US$7.9 million in fines to settle U.S. Securities and Exchange Commission charges...
September 27, 2019

How To Choose a SOC 2 Auditor: 6 Questions to Ask

When you begin planning for a SOC 2 audit, one of the first big decisions is choosing an external audit firm. You want a firm who can help you...
September 10, 2019

Measuring the ROI of a SOC 2 Audit

As many companies - and their vendors - are moving data to the cloud, there are often concerns about the security of their sensitive information. In...
August 29, 2019

Unpacking the SCF Capability Maturity Model

If you aren’t familiar with the Secure Controls Framework (SCF), you should be. It’s a non-profit organization dedicated to providing content that...
August 20, 2019

Cybersecurity Dictionary for 2019

In case you are new to the world of cybersecurity and are struggling to learn or understand some of the new terms you are hearing, don’t worry, we’re...
August 15, 2019

5 Trust Services Criteria of a SOC 2 Report

A SOC 2 report has 5 Trust Services Criteria, which have previously been commonly called Trust Services Principles. These Trust Service Criteria are...
August 14, 2019

HITRUST vs HIPAA: What Are the Differences?

HITRUST Certification is growing in popularity. What started as a framework for the healthcare industry has now expanded to include other regulated...
August 5, 2019

SOC 2 vs. SOC 1 or SOC 3: Which SOC Report Do I Need?

A Systems and Organizational Controls (SOC) report provides guidance on standards that should be used for operational and technological business...
August 2, 2019

What the Capital One Breach Should Teach Us About Vendor Security Management

The news of the Capital One breach rocked the banking industry this week. It is significant because it wasn’t a virus or an outside hacker but...
July 25, 2019

5 lessons learned from the Equifax breach

One of the biggest news items this week in the world of security is the Equifax settlement with the FTC. The Equifax data breach was one of the...
July 22, 2019

Preparing for the CCPA? 6 Steps to Get You Started

We hear about personal data breaches and cybersecurity attacks daily in the news. The California Consumer Privacy Act (CCPA) is one state’s answer to...
July 11, 2019

New Document Management Capabilities in Ostendio MyVCM

Sometimes what seems like a low-level feature can actually be a very big deal in the world of cybersecurity and compliance. That’s why I’m really...
June 11, 2019

Introducing Crosswalk Assessments from Ostendio

Today is an exciting day for Ostendio customers as we launch the third component of our CrossWalk feature set - CrossWalk Assessments. This new...
June 10, 2019

Check Out the Brand New Website!

2019 has been a great year so far for Ostendio! More companies than ever are using MyVCM for Security and Risk Management (also called Integrated...
May 21, 2019

7 Reasons Companies Can’t Avoid a Security Risk Assessment

If you’re a company with the view that cybersecurity is largely an IT issue, you may take the attitude of “We’ve got this.” Hold that thought. When...
February 20, 2019

What the HITRUST & NIST Alignment brings to Healthcare Organizations

You might have heard that HITRUST has launched a certification program for the NIST Cybersecurity Framework. The new certification for NIST...
February 6, 2019

Risk Management: What does it Mean to your 2019 Security Strategy?

For CISOs, data risk is like a fire underfoot. Data’s very fluidity and its constant generation makes a complete lockdown impossible - no matter...
January 24, 2019

5 Things to Know Before Buying Compliance Management Software

How do you choose the right compliance management software? Technology can seriously streamline compliance management efforts and help you...
January 14, 2019

What's Needed for the Private Market to Take Data Security Seriously?

After the Marriott data breach, the Quora breach, the Anthem breach, and the Uber breach… well, you get the picture. After all of these data...
January 4, 2019

5 Data Privacy and Security Predictions for 2019

In 2018 we started to see the effect of a global grassroots movement that demands stronger data privacy parameters. As of December 2018, reported...
January 2, 2019

Open Sesame! Is your password secure?

While “Open Sesame!” might be one of the oldest passwords, the recent National Cyber Security Center list of regularly used passwords makes for...
November 14, 2018

5 Tips for Creating a Culture of Cybersecurity

You’ve likely heard about organizations having a culture of compliance but not as much about having a culture of cybersecurity. Yet as threats to our...
October 24, 2018

5 Ways to Integrate your Cybersecurity and Compliance Programs

Data breaches aren’t just a problem for security professionals. The impact is felt across the whole business—from your legal team, embroiled in...
September 27, 2018

Why SMBs Need to Ramp up Security Awareness Training

Did you know that small to medium-sized businesses (SMBs) may have a higher cybersecurity risk than larger counterparts when you consider...
September 10, 2018

5 Ways to Protect Your Workforce Against Breach Fatigue

Is news of a data breach becoming “white noise”? Thanks to the sheer frequency of data breaches, the general attitude toward online security is...
August 27, 2018

Have you Identified What Data is Worth Defending?

Cyber experts like former Federal CISO Gregory Touhill feel that managing risk is paramount to, and more effective than, trying to defend everything,...
August 15, 2018

Why the California Consumer Privacy Act is Important to all Online Users

No matter the criticism of the “rush job” regarding the newly passed AB375, the California Consumer Privacy Act, its underlying purpose makes it the...
August 9, 2018

How do you Prevent Unauthorized Access to ePHI?

That’s a million dollar question. No, really, it could literally cost you millions not to know. In doubt? Fresenius isn’t. It’s cost the dialysis...
July 20, 2018

Are you Managing your Vendor Risk?

It’s not uncommon today for businesses to outsource certain services to third-parties. However, with outsourcing, the risks of the service...
July 10, 2018

Can a Compliance Audit be Pain-Free?

No one ever looks forward to a compliance audit. However, there are steps you can take to alleviate some of the pains felt before an audit, and it...
June 22, 2018

How to Help Employees Rethink Compliance and Security

What’s your current approach to compliance? Policies and procedures in place, a security risk analysis every eighteen months, and an annual slide...
June 13, 2018

What the HITRUST & NIST Alignment Brings to Healthcare Organizations

HITRUST (Health Information Trust Alliance) and NIST (National Institute of Standards and Technology) recently announced that they have teamed up and...
May 17, 2018

Can you think like a cybercriminal? It may be your best defense against cryptominers.

After more than two years dealing with the menace of being held hostage by ransomware, cryptominers are the last thing healthcare IT and security...
May 8, 2018

HIPAA Plus: What Healthcare Needs to Understand about Cybersecurity

When it comes to HIPAA compliance and cybersecurity, the danger comes with thinking one assures the other. It doesn’t. Just skim the daily headlines...
May 1, 2018

Big Cyber Growth in the Greater Washington Area

On Tuesday April 22nd, Ostendio’s CEO, Grant Elliott, and I attended DCA LIVE’s 2018 BIG Cyber Growth Summit. As a cybersecurity product company...
April 23, 2018

Curiosity Killed the Healthcare Organization

Study Shows that Healthcare's Internal Security Breaches Exceed External Ones Was that Lady Gaga in the emergency room? What kind of procedure is my...
April 18, 2018

Security Awareness Training vs Human Error: Can it Make the Difference?

Phishing is quickly evolving to take advantage of that most difficult-to-prevent vulnerability: human error. A lack of security awareness can lead to...
April 5, 2018

'We’re a US Company, the EU’s GDPR doesn’t apply!' Think again.

If you collect any EU resident’s identifying data as broadly defined under the EU’s General Data Protection Regulation, aka GDPR, you now have...
March 26, 2018

Should you Integrate your GRC Platform with your Back-End Systems?

One of the key objectives when developing an effective security and compliance management program is to remain interdependent of core systems. While...
March 19, 2018

How to Prepare for a SOC 2 Audit

Security certifications are fast becoming need-to-haves for vendors and technology firms. Certifications, such as SOC 2, can offer a cost-efficient...
March 14, 2018

The Path to HITRUST Certification Success

If you’re reading this blog, you’re likely very aware that HITRUST certification and its proprietary MyCSF (Common Security Framework) is...
February 28, 2018

I’m Not an IT Employee, How Can I Protect Sensitive Data?

With so much data being created, sometimes it’s hard to tell what’s sensitive data and what isn’t, what’s a risk to it and what’s not. This can be...
February 14, 2018

To Pay or Not to Pay? Authorities say “No” to Ransomware Demands

According to Kaspersky, a company is hit by ransomware every 40 seconds. There’s a lot that goes into handling a ransomware cyberattack, not the...
January 22, 2018

Why the IoT Security of Medical Devices falls on Device Makers

When you’re a medical device manufacturer, your primary goal is to get your product into hospitals and care provider networks. The internet of things...
January 8, 2018

How about a Cybersecurity Resolution for 2018?

It’s a new year with a new budget, and a new year’s resolution for laser-focus on cybersecurity. That should be easier to keep than the ones for no...
January 4, 2018

Compliance and Security: Why One Does NOT Equal The Other

It’s an all-too-common misunderstanding, but a robust information security program doesn’t mean you’re in compliance with whatever regulations...
December 20, 2017

ePHI Data Breaches: How to Reduce the Human Risk

As we wrap up 2017, the number of healthcare data breaches are up over 2016, with 41% caused by “insiders” per the Protenus Breach Barometer mid-year...
November 29, 2017

Better Together: Security & Privacy

When you think about protecting sensitive data, do you think about privacy or security? It’s a trick question because the answer should be “Both.”...
November 10, 2017

Small Businesses “Get It” when it comes to Cybersecurity

As we wrap up Cybersecurity Awareness Month, keep in mind that cybercriminals are indiscriminate in who they attack. Large business, small business,...
October 30, 2017

Why HIPAA Remains Important to Healthcare Data Protection

For the last eighteen months or so, media coverage of healthcare hasn’t been focused so much on HIPAA regulations, but on the cybersecurity strength...
October 19, 2017

The Road Ahead: Year-end Trends in Healthcare Cybersecurity

Healthcare data breaches account for over 22% of the data breaches so far in 2017. To put a number on it, that’s nearly 2 million health data...
September 18, 2017

3 Meaningful Steps for Data Breach Prevention and Preparation

Reported data breaches show that HIPAA violation settlements are on the upswing, both in terms of the number of individuals affected and financial...
August 28, 2017

Ostendio Nominated for Best Tech Start-Up

We’re proud to announce that Ostendio has been shortlisted as a finalist in the “Best Technology Startup” category for the Third Annual Timmy Awards....
August 14, 2017

The Evolution of Ransomware and Prioritizing Healthcare Data

Has your organization experienced a data breach yet? Increasingly, odds are that you will, if you haven’t already. According to Protenus, 2017 is...
August 9, 2017

Top InfoSec Conferences 2017 - 2018

Are you always on the lookout for the best InfoSec conferences to attend? We've found several helpful resources to point you in the right direction,...
July 31, 2017

HIPAA & HITRUST: Learning to Walk, Before You Can Run

Are you considering HITRUST but haven’t yet put your HIPAA house in order? That’s similar to starting college when you’ve not yet earned your high...
July 19, 2017

Cybercriminals Don’t Discriminate: Size Doesn’t Matter

Whenever we read the latest headlines on cybercrimes and data breaches, it’s easy to slough it off as being something that only happens to the big...
July 7, 2017

Security Pros Expect Major Breach in 2 Years: Petya Another Warning

Sixty percent of respondents to the 2017 Black Hat survey believe that a successful cyber attack on U.S. critical infrastructure will occur in the...
June 28, 2017

4th of July Tech Tips (and for Travel in General)

As America gears up for hot dogs, fireworks and celebrating with friends and family, keep in mind these five security tips to help protect your...
June 27, 2017

Do You Know What Data You Have? And How To Protect It?

Data breaches are at an all-time high in 2017. Many organizations cover data under one big security blanket. But what if you’re missing some of the...
Read more
June 12, 2017

Cybercrime in healthcare is the new normal. How can we reduce the number of attacks?

Ransomware is growing in popularity because it works. A recently released study by Google estimates that ransomware victims have paid over $25 million...
Read more
June 2, 2017

Pledge 1%

Ostendio is proud to have joined the Pledge 1% organization, which is a corporate philanthropy movement dedicated to making the community a key...
Read more
May 30, 2017

Understanding ISO-27001 Requirements

What is ISO-27001? ISO-27001 is a globally recognized security framework. It aims to “provide a model for establishing, implementing, operating,...
Read more
May 25, 2017

What is a SOC Report? Do I Need One?

SOC stands for Service Organization Control. There are three types of SOC reports, but we’ll focus on the second one, which is “designed for the...
Read more
May 22, 2017

Using the WannaCry Ransomware Attack to Hone Prevention

It’s reported to have been one of the largest cyber extortion attacks to-date. The WannaCry (aka WanaCryptor 2.0) ransomware attack hit globally and...
Read more
May 9, 2017

Cybercrime: Why is the Healthcare Industry Under Siege?

Why is healthcare so heavily and successfully targeted by cybercrime? It’s a tough question, but after a record number of breaches last year – nearly...
Read more
March 14, 2017

Overview: Steps to Becoming HITRUST Certified

HITRUST. A term becoming increasingly popular in the healthcare arena. But what exactly is HITRUST? And what’s involved in becoming HITRUST certified?
Read more
March 8, 2017

HIPAA Compliance and Cloud Service Providers

Having patients feel safe sharing sensitive health information is critical to the future of informed population health. How can you ensure that you...
Read more
February 3, 2017

How does your Breach Security Compare to the rest of the Healthcare Industry?

According to research conducted by Intel in 2015, avoiding breaches and associated business impacts is the top privacy and security concern across...
Read more
February 1, 2017

HIPAA in a Non-ACA World: Would Information Security Change?

Does a repeal or reworking of the Affordable Care Act mean that we should expect less focus on HIPAA and cybersecurity? Almost certainly not. In...
Read more
December 20, 2016

Top 5 Predictions for Healthcare Cybersecurity in 2017

As 2016 draws to a close, it was a busy year for both companies defending themselves, and cyber criminals creating new forms of attack. As CEO of...
Read more
December 15, 2016

End-of-Year Round Up: 3 Must Read Ostendio Blog Posts

The Ostendio blog covered a lot of ground this year – from a 3-part series about Cybercrime in Healthcare – to the worst passwords your organization...
Read more
December 7, 2016

Compliance & Risk: Has the Zenefits Lesson Changed the Game?

After a lengthy process of “putting things to rights” in 17 states, Zenefits is paying up to US$7 million in penalties. As with other digital health...
Read more
November 16, 2016

HITRUST for the digital health startup: Should you consider it?

Demonstrating HIPAA compliance is a challenge for many digital health companies. In fact, smaller digital health companies often struggle to meet...
Read more
August 3, 2016

Cyberattacks: Vendor named as cause

In our Cybercrime article series, we say that it’s a good idea to check if your back door is unlocked. But what if you are the back door? In June, ...
Read more
July 13, 2016

FDA Guidance: “Go Ahead & Share”

FDA encourages Medical Device Manufacturers to share Patient Data. In the digital age of healthcare, consumers are...
Read more
June 28, 2016

HITRUST Certification – Is your client requesting it?

There’s a streamlined way to get there. A growing number of digital health companies are being asked to adopt the HITRUST standard. You too may soon...
Read more
June 14, 2016

Ransomware is changing Healthcare!

Ransomware attacks are changing how companies put a price on cybersecurity, and making it a Board Room issue. Think back to the data breaches at...
Read more
May 12, 2016

Ransomware Cyberattacks: 7 Steps to Protect Yourself!

In the last few months we have seen a spike in cybercrime with a series of ransomware attacks in the healthcare industry. Hospitals, from California...
Read more
April 18, 2016

The Brave (not so new) World of Compliance & Cybersecurity

GUEST BLOG: Our guest blog post this week is written by Chris Apgar, CEO of Apgar and Associates, LLC. Chris is a recognized expert in Information...
Read more
April 5, 2016

Whipped Into Shape: 5 Compliance Questions To Ask Your Digital Health Partners

We are excited to have a guest blog post from Irina Ridley, Privacy and Compliance Officer for Omada Health. Irina offers practical guidance for...
Read more
March 31, 2016

Cybercrime in Healthcare - Part 3

This week we saw yet another cybercrime attack on a large hospital system. This is the latest in a series of apparent ransomware attacks starting in...
Read more
March 24, 2016

Apple CareKit: What it means for Patient Privacy

Apple held their latest product unveil earlier this week and of course there was the obligatory newest iPhone announcement. What was more interesting...
Read more
March 2, 2016

Cybercrime in Health Care - Part 2

Hospitals: The New Frontier for Medical Device Cybercrime As I penned my most recent blog last week, I did not expect to have a new healthcare...
Read more
February 29, 2016

Cybercrime - How safe is your health data?

By now you may have heard about the recent ransom attack at Hollywood Presbyterian Medical Center. Hackers held the hospital’s electronic medical...
Read more
February 10, 2016

Zenefits is Just the tip of the Iceberg – 4 Reasons Why

The digital health market was rocked by the recent announcement that HR services darling Zenefits has gone from ‘rock star’ to a symbol of Silicon...
Read more
February 3, 2016

Worst Passwords - are you using one of these?

Did you see the recent Forbes article on the 2015 worst passwords list? It is not hugely better news over last year’s list, but it is always a good...
Read more
January 27, 2016

FDA takes on Mobile Security

A recent Healthcare IT News article revealed that 95% of FDA-approved mobile health apps lack important technical protection layers. That means our...
Read more
January 14, 2016

You Took an Online Risk Assessment!

THINK YOU ARE COMPLIANT? THINK AGAIN! A key first step in being compliant with most security regulations, including HIPAA, is the completion of an...
Read more
December 14, 2015

Medical Identity Theft: Congress’s letter to OCR

In a letter from Congress to CMS (Centers for Medicare and Medicaid Services) and OCR (Office for Civil Rights) last month, the Senate HELP (Health,...
Read more
October 19, 2015

What the 3 Little Pigs Can Teach Us about Risk Assessments!

Once upon a time, there were three little pigs. These guys were entrepreneurs. The first little pig, Chaff, developed a digital application for a...
Read more
September 14, 2015

It’s the people, stupid!

Why the big focus on technical security solutions is like a sound bite! Here we are at the primary season preceding the 2016 Presidential elections...
Read more
August 20, 2015

4 Reasons why Healthcare Data Breaches will continue to rise! Part 2

In Part 1 of this blog, I discussed 2 key reasons why we should expect a rise in the number of healthcare data breaches: No. 1 The rise of the...
Read more
August 13, 2015

4 Reasons why Healthcare Data Breaches will continue! Part – 1

Digital health companies are rapidly becoming the new frontline for data security in the healthcare industry. This year alone we have seen almost 100...
Read more
July 7, 2015

A new standard for privacy in the cloud!

As a proponent of the ISO 27000 series of standards, I was delighted to see the International Organization for Standardization release ISO/IEC 27018:2014...
Read more
April 16, 2015

Disney Passwords - exploding the myth of password complexity

Cyber security has gone mainstream. Nick Helm proved this with his winning joke of the 2011 Edinburgh Fringe Festival. "I needed a password eight...
Read more
November 17, 2014

Why Your Health Data Is Worth More Than Your Financial Data

This article first appeared on on November 14, 2014.  We are all used to the steps banks take to protect our financial information. They...
Read more
October 2, 2014

Will all health data soon be regulated?

Following Julie Brill’s comments earlier this year about “consumer generated health data” where she clearly implied that the Federal Trade...
Read more
May 23, 2014

Achieving compliance in the cloud

With the advent of cloud-based services and the ability of mHealth to move data outside the healthcare setting through these portals, the cost of...
Read more
January 8, 2014

Concerned about HIPAA Compliance? If You’re a Health Startup, Yes

This article first appeared on on January 7th, 2014.  (Photo courtesy of Flickr / USDA) I typically can tell if a health-tech startup...
Read more
December 19, 2013

HISTalk: Santa Claus, Flying Reindeer, and the HIPAA-Compliant Data Center

This article first appeared on HISTalk on December 18, 2013. Click here to see the original version. This holiday period will see a rerun of many...
Read more
October 4, 2013

Why mere compliance increases risk

In some cases, poor training is as bad as–if not worse than–no training at all, say John Schroeter and Tom Pendergast. By John Schroeter and Tom...
Read more
September 11, 2013

5 simple steps to secure your business

Information Security is a taboo subject for many businesses. Business owners realize the importance of protecting their data (and consequently...
Read more
September 5, 2013

Set the FDA mobile medical app guidance free! - Part 2

Bradley Merrill Thompson follows up his first article by responding to comments made by athenahealth’s VP of Government Affairs, Mr. Dan Haley. You...
Read more
August 30, 2013

Set the FDA mobile medical app guidance free!

Bradley Merrill Thompson publishes a great piece offering 5 factual reasons why we should all support publication of the FDA mobile medical app...
Read more