Grant Elliott

Recent Posts

January 15, 2020

Why Integrated Risk Management is Becoming the Preferred Approach to Data Security

There’s an inherent risk to doing business, particularly business that touches personal data. For years now, the business community – from healthcare...
November 5, 2019

Easing the Pain of Security Audits with MyVCM Auditor Connect

Today we announced an exciting new addition to the Ostendio MyVCM platform - MyVCM Auditor Connect. You can read the press release here, but I...
October 18, 2019

How to Stay Safe Online with National Cybersecurity Awareness Month (NCSAM)

Ostendio is a champion of National Cybersecurity Awareness Month (NCSAM) which is observed every October. This month of awareness was created as a...
October 11, 2019

Why do auditors need to remain independent?

Recent news that PwC (PricewaterhouseCoopers LLP) has agreed to pay US$7.9 million in fines to settle U.S. Securities and Exchange Commission charges...
August 29, 2019

Unpacking the SCF Capability Maturity Model

If you aren’t familiar with the Secure Controls Framework (SCF), you should be. It’s a non-profit organization dedicated to providing content that...
August 15, 2019

5 Trust Service Criteria of a SOC 2 Report

A SOC 2 report has 5 Trust Services Criteria, which have previously been commonly called Trust Services Principles. These Trust Service Criteria are...
July 25, 2019

5 lessons learned from the Equifax breach

One of the biggest news items this week in the world of security is the Equifax settlement with the FTC. The Equifax data breach was one of the...
July 22, 2019

Preparing for the CCPA? 6 Steps to Get You Started

We hear about personal data breaches and cybersecurity attacks daily in the news. The California Consumer Privacy Act (CCPA) is one state’s answer to...
June 10, 2019

Check Out the Brand New Website!

2019 has been a great year so far for Ostendio! More companies than ever are using MyVCM for Security and Risk Management (also called Integrated...
May 21, 2019

7 Reasons Companies Can’t Avoid a Security Risk Assessment

If you’re a company with the view that cybersecurity is largely an IT issue, you may take the attitude of “We’ve got this.” Hold that thought. When...
January 4, 2019

5 Data Privacy and Security Predictions for 2019

In 2018 we started to see the effect of a global grassroots movement that demands stronger data privacy parameters. As of December 2018, reported ...
October 19, 2017

The Road Ahead: Year-end Trends in Healthcare Cybersecurity

Healthcare data breaches account for over 22% of the data breaches so far in 2017. To put a number on it, that’s nearly 2 million health data...
July 31, 2017

HIPAA & HITRUST: Learning to Walk, Before You Can Run

Are you considering HITRUST but haven’t yet put your HIPAA house in order? That’s similar to starting college when you’ve not yet earned your high...
June 12, 2017

Cybercrime in healthcare is the new normal. How can we reduce the number of attacks?

Ransomware is growing in popularity because it works. A recently released study by Google estimates that ransomware victims have paid over $25 million...
March 8, 2017

HIPAA Compliance and Cloud Service Providers

Having patients feel safe sharing sensitive health information is critical to the future of informed population health. How can you ensure that you...
December 20, 2016

Top 5 Predictions for Healthcare Cybersecurity in 2017

As 2016 draws to a close, it was a busy year for both companies defending themselves, and cyber criminals creating new forms of attack. As CEO of...
December 15, 2016

End-of-Year Round Up: 3 Must Read Ostendio Blog Posts

The Ostendio blog covered a lot of ground this year – from a 3-part series about Cybercrime in Healthcare – to the worst passwords your organization...
December 7, 2016

Compliance & Risk: Has the Zenefits Lesson Changed the Game?

After a lengthy process of “putting things to rights” in 17 states, Zenefits is paying up to US$7 million in penalties. As with other digital health...
November 16, 2016

HITRUST for the digital health startup: Should you consider it?

Demonstrating HIPAA compliance is a challenge for many digital health companies. In fact, smaller digital health companies often struggle to meet...
August 3, 2016

Cyberattacks: Vendor named as cause

In our Cybercrime article series, we say that it’s a good idea to check if your back door is unlocked. But what if you are the back door? In June, ...
July 13, 2016

FDA Guidance: “Go Ahead & Share”

FDA Guidance: “Go Ahead & Share” FDA encourages Medical Device Manufacturers to share Patient Data In the digital age of healthcare, consumers are...
June 28, 2016

HITRUST Certification – Is your client requesting it?

There’s a streamlined way to get there. A growing number of digital health companies are being asked to adopt the HITRUST standard. You too may soon...
June 14, 2016

Ransomware is changing Healthcare!

Ransomware attacks are changing how companies put a price on cybersecurity, and making it a Board Room issue. Think back to the data breaches at...
March 31, 2016

Cybercrime in Healthcare - Part 3

This week we saw yet another cybercrime attack on a large hospital system. This is the latest in a series of apparent ransomware attacks starting in...
March 24, 2016

Apple CareKit: What it means for Patient Privacy

Apple held their latest product unveil earlier this week and of course there was the obligatory newest iPhone announcement. What was more interesting...
March 2, 2016

Cybercrime in Health Care - Part 2

Hospitals: The New Frontier for Medical Device Cybercrime As I penned my most recent blog last week, I did not expect to have a new healthcare...
February 29, 2016

Cybercrime - How safe is your health data?

By now you may have heard about the recent ransom attack at Hollywood Presbyterian Medical Center. Hackers held the hospital’s electronic medical...
February 10, 2016

Zenefits is Just the tip of the Iceberg – 4 Reasons Why

The digital health market was rocked by the recent announcement that HR services darling Zenefits has gone from ‘rock star’ to a symbol of Silicon...
February 3, 2016

Worst Passwords - are you using one of these?

Did you see the recent Forbes article on the 2015 worst passwords list? It is not hugely better news over last year’s list, but it is always a good...
January 27, 2016

FDA takes on Mobile Security

A recent Healthcare IT News article revealed that 95% of FDA approved mobile health apps lack important technical protection layers. That means our...
January 14, 2016

You Took an Online Risk Assessment!

THINK YOU ARE COMPLIANT? THINK AGAIN! A key first step in being compliant with most security regulations, including HIPAA, is the completion of an...
December 14, 2015

Medical Identity Theft: Congress’s letter to OCR

In a letter from Congress to CMS (Centers for Medicare and Medicaid Services) and OCR (Office of Civil Rights) last month, the Senate HELP (Health,...
October 19, 2015

What the 3 Little Pigs Can Teach Us about Risk Assessments!

Once upon a time, there were three little pigs. These guys were entrepreneurs. The first little pig, Chaff, developed a digital application for a...
September 14, 2015

It’s the people, stupid!

Why the big focus on technical security solutions is like a sound bite! Here we are at the primary season preceding the 2016 Presidential elections...
August 20, 2015

4 Reasons why Healthcare Data Breaches will continue to rise! Part 2

In Part 1 of this blog, I discussed 2 key reasons why we should expect a rise in the number of healthcare data breaches: No. 1 The rise of the...
August 13, 2015

4 Reasons why Healthcare Data Breaches will continue! Part – 1

Digital health companies are rapidly becoming the new frontline for data security in the healthcare industry. This year alone we have seen almost 100...
July 7, 2015

A new standard for privacy in the cloud!

As a proponent of ISO 27000 series of standards I was delighted to see the International Organization for Standardization release ISO/IEC 27018:2014...
April 16, 2015

Disney Passwords - exploding the myth of password complexity

Cyber security has gone mainstream. Nick Helm proved this with his winning joke of the 2011 Edinburgh Fringe Festival. "I needed a password eight...
November 17, 2014

Why Your Health Data Is Worth More Than Your Financial Data

This article first appeared on on November 14, 2014.  We are all used to the steps banks take to protect our financial information. They...
October 2, 2014

Will all health data soon be regulated?

Following Julie Brill’s comments earlier this year about “consumer generated health data” where she clearly implied that the Federal Trade...
May 23, 2014

Achieving compliance in the cloud

With the advent of cloud-based services and the ability of mHealth to move data outside the healthcare setting through these portals, the cost of...
January 8, 2014

Concerned about HIPAA Compliance? If You’re a Health Startup, Yes

This article first appeared on on January 7th, 2014.  (Photo courtesy of Flickr / USDA) I typically can tell if a health-tech startup...
December 19, 2013

HISTalk: Santa Claus, Flying Reindeer, and the HIPAA-Compliant Data Center

This article first appeared on HISTalk on December 18, 2013. Click here to see the original version. This holiday period will see a rerun of many...
October 4, 2013

Why mere compliance increases risk

In some cases, poor training is as bad as–if not worse than–no training at all, say John Schroeter and Tom Pendergast By John Schroeter and Tom...
September 11, 2013

5 simple steps to secure your business

Information Security is a taboo subject for many businesses. Business owners realize the importance of protecting their data (and consequently...
September 5, 2013

Set the FDA mobile medical app guidance free! - Part 2

Bradley Merrill Thompson follows up his first article by responding to comments made by athenahealth’s VP of Government Affairs, Mr. Dan Haley. You...
August 30, 2013

Set the FDA mobile medical app guidance free!

Bradley Merrill Thompson publishes a great piece offering 5 factual reasons why we should all support publication of the FDA mobile medical app...