Ostendio is a champion of National Cybersecurity Awareness Month (NCSAM) which is observed every October. This month of awareness was created as a...

Recent news that PwC (PricewaterhouseCoopers LLP) has agreed to pay US$7.9 million in fines to settle U.S. Securities and Exchange Commission charges...

If you aren’t familiar with the Secure Controls Framework (SCF), you should be. It’s a non-profit organization dedicated to providing content that...

A SOC 2 report has 5 Trust Services Criteria, which have previously been commonly called Trust Services Principles. These Trust Service Criteria are...

One of the biggest news items this week in the world of security is the Equifax settlement with the FTC. The Equifax data breach was one of the...

We hear about personal data breaches and cybersecurity attacks daily in the news. The California Consumer Privacy Act (CCPA) is one state’s answer to...

2019 has been a great year so far for Ostendio! More companies than ever are using MyVCM for Security and Risk Management (also called  Integrated...

If you’re a company with the view that cybersecurity is largely an IT issue, you may take the attitude of “We’ve got this.” Hold that thought. When...

In 2018 we started to see the effect of a global grassroots movement that demands stronger data privacy parameters. As of December 2018, reported ...

Healthcare data breaches account for over 22% of the data breaches so far in 2017. To put a number on it, that’s nearly 2 million health data...

Are you considering HITRUST but haven’t yet put your HIPAA house in order? That’s similar to starting college when you’ve not yet earned your high...

Ransomware is growing in popularity because it works. A recently released study by Google estimates that ransomware victims have paid over $25million...

Having patients feel safe sharing sensitive health information is critical to the future of informed population health. How can you ensure that you...

As 2016 draws to a close, it was a busy year for both companies defending themselves, and cyber criminals creating new forms of attack. As CEO of...

The Ostendio blog covered a lot of ground this year – from a 3-part series about Cybercrime in Healthcare – to the worst passwords your organization...

After a lengthy process of “putting things to rights” in 17 states, Zenefits is paying up to US$7 million in penalties. As with other digital health...

Demonstrating HIPAA compliance is a challenge for many digital heath companies. In fact, smaller digital health companies often struggle to meet even...

In our Cybercrime article series, we say that it’s a good idea to check if your back door is unlocked. But what if you are the back door? In June, ...

FDA Guidance : “Go Ahead & Share” FDA encourages Medical Device Manufacturers to share Patient Data In the digital age of healthcare, consumers are...

There’s a streamlined way to get there. A growing number of digital health companies are being asked to adopt the HITRUST standard. You too may soon...

Ransomware attacks are changing how companies put a price on cybersecurity, and making it a Board Room issue. Think back to the data breaches at...

This week we saw yet another cybercrime attack on a large hospital system. This is the latest in a series of apparent ransomware attacks starting in...

Apple held their latest product unveil earlier this week and of course there was the obligatory newest iPhone announcement. What was more...

Hospitals: The New Frontier for Medical Device Cybercrime As I penned my most recent blog last week, I did not expect to have a new healthcare...

By now you may have heard about the recent ransom attack at Hollywood Presbyterian Medical Center. Hackers held the hospital’s electronics medical...

The digital health market was rocked by the recent announcement that HR services darling Zenefits has gone from ‘rock star’ to a symbol of Silicon...

Did you see the recent Forbes article on the 2015 worst passwords list? It is not hugely better news over last year’s list, but it is always a good...

A recent Healthcare IT News article revealed that 95% of FDA approved mobile health apps lack important technical protection layers. That means our...

THINK YOU ARE COMPLIANT? THINK AGAIN! A key first step in being compliant with most security regulations, including HIPAA, is the completion of an...

In a letter from Congress to CMS (Centers for Medicare and Medicaid Services) and OCR (Office of Civil Rights) last month, the Senate HELP (Health,...

Once upon a time, there were three little pigs. These guys were entrepreneurs. The first little pig, Chaff, developed a digital application for a...

Why the big focus on technical security solutions is like a sound bite! Here we are at the primary season preceding the 2016 Presidential elections...

  In Part 1 of this blog, I discussed 2 key reasons why we should expect a rise in the number of healthcare data breaches: No. 1 The rise of the...

Digital health companies are rapidly becoming the new frontline for data security in the healthcare industry. This year alone we have seen almost 100...

  As a proponent of ISO 27000 series of standards I was delighted to see the International Organization for Standardization release ISO/IEC...

Cyber security has gone mainstream. Nick Helm proved this with his winning joke of the 2011 Edinburgh Fringe Festival. "I needed a password eight...

This article first appeared on 1776dc.com on November 14, 2014. Click here to see the original version. We are all used to the steps banks take to...

  Following Julie Brill’s comments earlier this year about “consumer generated health data” where she clearly implied that the Federal Trade...

This article first appeared in mHealthNews on May 23, 2014. Click here to see the original version. With the advent of cloud-based services and the...

This article first appeared on 1776dc.com on January 7th, 2014. Click here to see the original version. (Photo courtesy of Flickr / USDA) I...

This article first appeared on HISTalk on December 18, 2013. Click here to see the original version. This holiday period will see a rerun of many...

  In some cases, poor training is as bad as–if not worse than–no training it all, say John Schroeter and Tom Pendergast By John Schroeter and Tom...

  Information Security is a taboo subject for many businesses. Business owners realize the importance of protecting their data (and consequently...

Bradley Merrill Thompson follows up his first article by responding to comments made by athenahealth’s VP of Government Affairs, Mr. Dan Haley. You...

  Bradley Merrill Thompson publishes a great piece offering 5 factual reasons why we should all support publication of the FDA mobile medical app...