Ostendio Blog

May 2020 marks the second year that GDPR has been in effect and we have already seen some significant fines totalling over $126 million.  Google has...

How is your business showing compliance to operational and business risks during these uncertain times? Many companies turn to the popular SOC report...

During these difficult times it is understandable that organizations may be looking for creative ways to cut costs or gain efficiency.  While...

We are all getting used to our new “normal” but many businesses, both big and small, have been caught off-guard by the COVID-19 crisis. Having to...

As we start to adapt to our new quarantined life, one of the things that has struck me is how different people have benchmarked what they constitute...

From the recently announced privacy issues being investigated by the New York Attorney General at Zoom, all the way back to the Zenefits scandal in...

If you have a team working remotely due to the COVID-19 virus you are obviously not alone as we adjust to this new normal way of work.  At present, 1...

Vendor Risk Management is a hot topic at the moment and for good reason.  A recent study by the Ponemon Institute showed 59% of companies have...

If you missed our recent webinar “Re-thinking Vendor Risk Management” you can listen to it free and on-demand here.  In the webinar we talked about...

What do you need to know about HIPAA in 2020? This year, the changes are not so much about HIPAA itself, but about things that directly affect how...

When we talk to customers, prospects and even audit partners, they are often overwhelmed with the choices they have for GRC tools.  There is a lot of...

We are huge football fans at Ostendio!  Even though we spend our days helping customers with their cybersecurity challenges, many of us also...

There’s an inherent risk to doing business, particularly business that touches personal data. For years now, the business community – from healthcare...

The start of a decade is always an exciting time. When you think about how technology has changed in the last 10 years you can only imagine what...

2019 was an incredible year of growth for Ostendio.  We continue to ramp up our business while working hard every day to deliver on our promises to...

Webinars are some of our most popular content on the Ostendio web site. Across 2019 we hosted a series of webinars that combined best practices and...

We’ve had an incredible year of growth at Ostendio and, as our company has grown, so has our blog readership.  At the end of every year, we revisit...

We are all used to doing regular fire drills at the office or at school, and we accept the benefits of having defined roles and responsibilities...

It’s easy to make mistakes.  We’ve all done it. Maybe you’ve put the milk in the cupboard and the cereal in the fridge this morning! These things...

Today we announced an exciting new addition to the Ostendio MyVCM platform - MyVCM Auditor Connect. You can read the press release here, but I...

There is no single industry with greater sensitivity to data breaches than healthcare. But unfortunately, breaches across healthcare companies,...

Ostendio is a champion of National Cybersecurity Awareness Month (NCSAM) which is observed every October. This month of awareness was created as a...

Recent news that PwC (PricewaterhouseCoopers LLP) has agreed to pay US$7.9 million in fines to settle U.S. Securities and Exchange Commission charges...

When you begin planning for a SOC 2 audit, one of the first big decisions is choosing an external audit firm. You want a firm who can help you...

As many companies - and their vendors - are moving data to the cloud, there are often concerns about the security of their sensitive information. In...

If you aren’t familiar with the Secure Controls Framework (SCF), you should be. It’s a non-profit organization dedicated to providing content that...

In case you are new to the world of cybersecurity and are struggling to learn or understand some of the new terms you are hearing, don’t worry, we’re...

A SOC 2 report has 5 Trust Services Criteria, which have previously been commonly called Trust Services Principles. These Trust Service Criteria are...

HITRUST Certification is growing in popularity. What started as a framework for the healthcare industry has now expanded to include other regulated...

A Systems and Organizational Controls (SOC) report provides guidance on standards that should be used for operational and technological business...

The news of the Capital One breach rocked the banking industry this week.  It is significant because it wasn’t a virus or an outside hacker but...

One of the biggest news items this week in the world of security is the Equifax settlement with the FTC. The Equifax data breach was one of the...

We hear about personal data breaches and cybersecurity attacks daily in the news. The California Consumer Privacy Act (CCPA) is one state’s answer to...

Sometimes what seems like a low-level feature can actually be a very big deal in the world of cybersecurity and compliance. That’s why I’m really...

Today is an exciting day for Ostendio customers as we  launch the third component of our CrossWalk feature set - CrossWalk Assessments. This new...

2019 has been a great year so far for Ostendio! More companies than ever are using MyVCM for Security and Risk Management (also called  Integrated...

If you’re a company with the view that cybersecurity is largely an IT issue, you may take the attitude of “We’ve got this.” Hold that thought. When...

You might have heard that HITRUST has launched a certification program for the NIST Cybersecurity Framework. The new certification for NIST...

For CISOs, data risk is like a fire underfoot. Data’s very fluidity and its constant generation makes a complete lockdown impossible - no matter...

How do you choose the right compliance management software ? Technology can seriously streamline compliance management efforts and help you ...

After the Marriott data breach, the Quora breach, the Anthem breach, and the Uber breach… well, you get the picture. After all of these data...

In 2018 we started to see the effect of a global grassroots movement that demands stronger data privacy parameters. As of December 2018, reported ...

While “Open Sesame!” might be one of the oldest passwords, the recent National Cyber Security Center list of regularly used passwords makes for...

You’ve likely heard about organizations having a culture of compliance but not as much about having a culture of cybersecurity. Yet as threats to our...

Data breaches aren’t just a problem for security professionals. The impact is felt across the whole business—from your legal team, embroiled in...

Did you know that small to medium-sized businesses (SMBs) may have a higher cybersecurity risk than larger counterparts when you consider...

Is news of a data breach becoming “white noise”? Thanks to the sheer frequency of data breaches, the general attitude toward online security is...

Cyber experts like former Federal CISO Gregory Touhill feel that managing risk is paramount to, and more effective than, trying to defend everything,...

No matter the criticism of the “rush job” regarding the newly passed AB375, the California Consumer Privacy Act, its underlying purpose makes it the...

That’s a million dollar question. No, really, it could literally cost you millions not to know. In doubt? Fresenius isn’t. It’s cost the dialysis...

It’s not uncommon today for businesses to outsource certain services to third-parties. However, with outsourcing, the risks of the service...

No one ever looks forward to a compliance audit. However, there are steps you can take to alleviate some of the pains felt before an audit, and it...

What’s your current approach to compliance? Policies and procedures in place, a security risk analysis every eighteen months, and an annual slide...

HITRUST (Health Information Trust Alliance) and NIST (National Institute of Standards and Technology) recently announced that they have teamed up and...

After more than two years dealing with the menace of being held hostage by ransomware, cryptominers are the last thing healthcare IT and security...

When it comes to HIPAA compliance and cybersecurity, the danger comes with thinking one assures the other. It doesn’t.  Just skim the daily headlines...

On Tuesday April 22nd, myself and Ostendio’s CEO, Grant Elliott, attend DCA LIVE’s 2018 BIG Cyber Growth Summit. As a cybersecurity product company...

Study Shows that Healthcare's Internal Security Breaches Exceed External Ones Was that Lady Gaga in the emergency room? What kind of procedure is my...

Phishing is quickly evolving to take advantage of that most difficult-to-prevent vulnerability: human error. A lack of security awareness can lead to...

If you collect any EU resident’s identifying data as broadly defined under the EU’s General Data Protection Regulation, aka GDPR, you now have...

One of the key objectives when developing an effective security and compliance management program is to remain interdependent of core systems.  While...

Security certifications are fast becoming need-to-haves for vendors and technology firms. Certifications, such as SOC 2, can offer a cost-efficient...

If you’re reading this blog, you’re likely very aware that HITRUST certification and its proprietary MyCSF (Common Security Framework) is...

With so much data being created, sometimes it’s hard to tell what’s sensitive data and what isn’t, what’s a risk to it and what’s not. This can be...

According to Kaspersky, a company is hit by ransomware every 40 second. There’s a lot that goes into handling a ransomware cyberattack, not the least...

When you’re a medical device manufacturer, your primary goal is to get your product into hospitals and care provider networks. The internet of things...

It’s a new year with a new budget, and a new year’s resolution for laser-focus on cybersecurity. That should be easier to keep than the ones for no...

It’s an all-too- common misunderstanding, but a robust information security program doesn’t mean you’re in compliance with whatever regulations...

As we wrap up 2017, the number of healthcare data breaches are up over 2016, with 41% caused by “insiders” per the Protenus Breach Barometer mid-year...

When you think about protecting sensitive data, do you think about privacy or security? It’s a trick question because the answer should be “Both.”...

As we wrap up Cybersecurity Awareness Month, keep in mind that cybercriminals are indiscriminate in who they attack. Large business, small business,...

For the last eighteen months or so, media coverage of healthcare hasn’t been focused so much on HIPAA regulations, but on the cybersecurity strength...

Healthcare data breaches account for over 22% of the data breaches so far in 2017. To put a number on it, that’s nearly 2 million health data...

Reported data breaches show that HIPAA violation settlements are on the upswing, both in terms of the number of individuals affected and financial...

We’re proud to announce that Ostendio has been shortlisted as a finalist in the “Best Technology Startup” category for the Third Annual Timmy Awards....

Has your organization experienced a data breach yet? Increasingly, odds are that you will, if you haven’t already. According to Protenus, 2017 is...

Are you always on the look out for the best InfoSec conferences to attend? We've found several helpful resources to point you in the right direction,...

Are you considering HITRUST but haven’t yet put your HIPAA house in order? That’s similar to starting college when you’ve not yet earned your high...

Whenever we read the latest headlines on cybercrimes and data breaches, it’s easy to slough it off as being something that only happens to the big...

Sixty percent of respondents to the 2017 Black Hat survey believe that a successful cyber attack on U.S. critical infrastructure will occur in the...

As America gears up for hot dogs, fireworks and celebrating with friends and family, keep in mind these five security tips to help protect your...

Data breaches are at an all-time high in 2017. Many organizations cover data under one big security blanket. But what if you’re missing some of the...

Ransomware is growing in popularity because it works. A recently released study by Google estimates that ransomware victims have paid over $25million...

Ostendio is proud to have joined the Pledge 1% organization, which is a corporate philanthropy movement dedicated to making the community a key...

What is ISO-27001? ISO-27001 is a globally recognized security framework.  It aims to “provide a model for establishing, implementing, operating,...

SOC stands for Service Organizational Control. There are three types of SOC reports, but we’ll focus on the second one, which is “designed for the...

It’s reported to have been one of the largest cyber extortion attacks to-date. The WannaCry (aka WanaCryptor 2.0) ransomware attack hit globally and...

Why is healthcare so heavily and successfully targeted by cybercrime? It’s a tough question, but after a record number of breaches last year – nearly...

HITRUST. A term becoming increasingly popular in the healthcare arena. But what exactly is HITRUST? And what’s involved in becoming HITRUST certified?

Having patients feel safe sharing sensitive health information is critical to the future of informed population health. How can you ensure that you...

According to research conducted by Intel in 2015, avoiding breaches and associated business impacts is the top privacy and security concern across...

Does a repeal or reworking of the Affordable Care Act mean that we should expect less focus on HIPAA and cybersecurity? Almost certainly not. In...

As 2016 draws to a close, it was a busy year for both companies defending themselves, and cyber criminals creating new forms of attack. As CEO of...

The Ostendio blog covered a lot of ground this year – from a 3-part series about Cybercrime in Healthcare – to the worst passwords your organization...

After a lengthy process of “putting things to rights” in 17 states, Zenefits is paying up to US$7 million in penalties. As with other digital health...

Demonstrating HIPAA compliance is a challenge for many digital heath companies. In fact, smaller digital health companies often struggle to meet even...

In our Cybercrime article series, we say that it’s a good idea to check if your back door is unlocked. But what if you are the back door? In June, ...

FDA Guidance : “Go Ahead & Share” FDA encourages Medical Device Manufacturers to share Patient Data In the digital age of healthcare, consumers are...

There’s a streamlined way to get there. A growing number of digital health companies are being asked to adopt the HITRUST standard. You too may soon...

Ransomware attacks are changing how companies put a price on cybersecurity, and making it a Board Room issue. Think back to the data breaches at...

In the last few months we have seen a spike in cybercrime with a series of ransomware attacks in the healthcare industry. Hospitals, from California...

GUEST BLOG: Our guest blog post  this week is written by Chris Apgar, CEO of Apgar and Associates, LLC. Chris is a recognized expert in Information...

We are excited to have a guest blog post from Irina Ridley, Privacy and Compliance Officer for Omada Health.  Irina offers practical guidance  for...

This week we saw yet another cybercrime attack on a large hospital system. This is the latest in a series of apparent ransomware attacks starting in...

Apple held their latest product unveil earlier this week and of course there was the obligatory newest iPhone announcement. What was more interesting...

Hospitals: The New Frontier for Medical Device Cybercrime As I penned my most recent blog last week, I did not expect to have a new healthcare...

By now you may have heard about the recent ransom attack at Hollywood Presbyterian Medical Center. Hackers held the hospital’s electronics medical...

The digital health market was rocked by the recent announcement that HR services darling Zenefits has gone from ‘rock star’ to a symbol of Silicon...

Did you see the recent Forbes article on the 2015 worst passwords list? It is not hugely better news over last year’s list, but it is always a good...

A recent Healthcare IT News article revealed that 95% of FDA approved mobile health apps lack important technical protection layers. That means our...

THINK YOU ARE COMPLIANT? THINK AGAIN! A key first step in being compliant with most security regulations, including HIPAA, is the completion of an...

In a letter from Congress to CMS (Centers for Medicare and Medicaid Services) and OCR (Office of Civil Rights) last month, the Senate HELP (Health,...

Once upon a time, there were three little pigs. These guys were entrepreneurs. The first little pig, Chaff, developed a digital application for a...

Why the big focus on technical security solutions is like a sound bite! Here we are at the primary season preceding the 2016 Presidential elections...

  In Part 1 of this blog, I discussed 2 key reasons why we should expect a rise in the number of healthcare data breaches: No. 1 The rise of the...

Digital health companies are rapidly becoming the new frontline for data security in the healthcare industry. This year alone we have seen almost 100...

As a proponent of ISO 27000 series of standards I was delighted to see the International Organization for Standardization release ISO/IEC 27018:2014...

Cyber security has gone mainstream. Nick Helm proved this with his winning joke of the 2011 Edinburgh Fringe Festival. "I needed a password eight...

This article first appeared on 1776dc.com on November 14, 2014.  We are all used to the steps banks take to protect our financial information. They...

  Following Julie Brill’s comments earlier this year about “consumer generated health data” where she clearly implied that the Federal Trade...

With the advent of cloud-based services and the ability of mHealth to move data outside the healthcare setting through these portals, the cost of...

This article first appeared on 1776dc.com on January 7th, 2014.  (Photo courtesy of Flickr / USDA) I typically can tell if a health-tech startup...

This article first appeared on HISTalk on December 18, 2013. Click here to see the original version. This holiday period will see a rerun of many...

  In some cases, poor training is as bad as–if not worse than–no training it all, say John Schroeter and Tom Pendergast By John Schroeter and Tom...

  Information Security is a taboo subject for many businesses. Business owners realize the importance of protecting their data (and consequently...

Bradley Merrill Thompson follows up his first article by responding to comments made by athenahealth’s VP of Government Affairs, Mr. Dan Haley. You...

  Bradley Merrill Thompson publishes a great piece offering 5 factual reasons why we should all support publication of the FDA mobile medical app...