Recent Posts

December 3, 2021

How to Prepare for a SOC 2 Audit

[4 min read] Security standards, reports, and certifications are becoming essential for vendors and technology firms. Certifications, such as SOC 2,...

August 14, 2019

HITRUST vs HIPAA: What Are the Differences?

HITRUST Certification is growing in popularity. What started as a framework for the healthcare industry has now expanded to include other regulated...

February 20, 2019

What the HITRUST & NIST Alignment brings to Healthcare Organizations

You might have heard that HITRUST has launched a certification program for the NIST Cybersecurity Framework. The new certification for NIST...

February 6, 2019

Risk Management: What does it Mean to your 2019 Security Strategy?

For CISOs, data risk is like a fire underfoot. Data’s very fluidity and its constant generation makes a complete lockdown impossible - no matter...

January 24, 2019

5 Things to Know Before Buying Compliance Management Software

How do you choose the right compliance management software? Technology can seriously streamline compliance management efforts and help you...

January 14, 2019

What's Needed for the Private Market to Take Data Security Seriously?

After the Marriott data breach, the Quora breach, the Anthem breach, and the Uber breach… well, you get the picture. After all of these data...

January 2, 2019

Open Sesame! Is your password secure?

While “Open Sesame!” might be one of the oldest passwords, the recent National Cyber Security Center list of regularly used passwords makes for...

November 14, 2018

5 Tips for Creating a Culture of Cybersecurity

You’ve likely heard about organizations having a culture of compliance but not as much about having a culture of cybersecurity. Yet as threats to our...

October 24, 2018

5 Ways to Integrate your Cybersecurity and Compliance Programs

Data breaches aren’t just a problem for security professionals. The impact is felt across the whole business—from your legal team, embroiled in...

September 27, 2018

Why SMBs Need to Ramp up Security Awareness Training

Did you know that small to medium-sized businesses (SMBs) may have a higher cybersecurity risk than larger counterparts when you consider...

September 10, 2018

5 Ways to Protect Your Workforce Against Breach Fatigue

Is news of a data breach becoming “white noise”? Thanks to the sheer frequency of data breaches, the general attitude toward online security is...

August 27, 2018

Have you Identified What Data is Worth Defending?

Cyber experts like former Federal CISO Gregory Touhill feel that managing risk is paramount to, and more effective than, trying to defend everything,...

August 15, 2018

Why the California Consumer Privacy Act is Important to all Online Users

No matter the criticism of the “rush job” regarding the newly passed AB375, the California Consumer Privacy Act, its underlying purpose makes it the...

August 9, 2018

How do you Prevent Unauthorized Access to ePHI?

That’s a million dollar question. No, really, it could literally cost you millions not to know. In doubt? Fresenius isn’t. It’s cost the dialysis...

July 20, 2018

Are you Managing your Vendor Risk?

It’s not uncommon today for businesses to outsource certain services to third-parties. However, with outsourcing, the risks of the service...

July 10, 2018

Can a Compliance Audit be Pain-Free?

No one ever looks forward to a compliance audit. However, there are steps you can take to alleviate some of the pains felt before an audit, and it...

June 13, 2018

What the HITRUST & NIST Alignment Brings to Healthcare Organizations

HITRUST (Health Information Trust Alliance) and NIST (National Institute of Standards and Technology) recently announced that they have teamed up and...

May 17, 2018

Can you think like a cybercriminal? It may be your best defense against cryptominers.

After more than two years dealing with the menace of being held hostage by ransomware, cryptominers are the last thing healthcare IT and security...

May 8, 2018

HIPAA Plus: What Healthcare Needs to Understand about Cybersecurity

When it comes to HIPAA compliance and cybersecurity, the danger comes with thinking one assures the other. It doesn’t. Just skim the daily headlines...

April 23, 2018

Curiosity Killed the Healthcare Organization

Study Shows that Healthcare's Internal Security Breaches Exceed External Ones. Was that Lady Gaga in the emergency room? What kind of procedure is my...

April 18, 2018

Security Awareness Training vs Human Error: Can it Make the Difference?

Phishing is quickly evolving to take advantage of that most difficult-to-prevent vulnerability: human error. A lack of security awareness can lead to...

April 5, 2018

'We’re a US Company, the EU’s GDPR doesn’t apply!' Think again.

If you collect any EU resident’s identifying data as broadly defined under the EU’s General Data Protection Regulation, aka GDPR, you now have...

March 26, 2018

Should you Integrate your GRC Platform with your Back-End Systems?

One of the key objectives when developing an effective security and compliance management program is to remain interdependent of core systems. While...

March 19, 2018

How to Prepare for a SOC 2 Audit

Security certifications are fast becoming need-to-haves for vendors and technology firms. Certifications, such as SOC 2, can offer a cost-efficient...

March 14, 2018

The Path to HITRUST Certification Success

If you’re reading this blog, you’re likely very aware that HITRUST certification and its proprietary MyCSF (Common Security Framework) is...

February 28, 2018

I’m Not an IT Employee, How Can I Protect Sensitive Data?

With so much data being created, sometimes it’s hard to tell what’s sensitive data and what isn’t, what’s a risk to it and what’s not. This can be...

February 14, 2018

To Pay or Not to Pay? Authorities say “No” to Ransomware Demands

According to Kaspersky, a company is hit by ransomware every 40 seconds. There’s a lot that goes into handling a ransomware cyberattack, not the least...

January 22, 2018

Why the IoT Security of Medical Devices falls on Device Makers

When you’re a medical device manufacturer, your primary goal is to get your product into hospitals and care provider networks. The internet of things...

January 8, 2018

How about a Cybersecurity Resolution for 2018?

It’s a new year with a new budget, and a new year’s resolution for laser-focus on cybersecurity. That should be easier to keep than the ones for no...

January 4, 2018

Compliance and Security: Why One Does NOT Equal The Other

It’s an all-too-common misunderstanding, but a robust information security program doesn’t mean you’re in compliance with whatever regulations...

December 20, 2017

ePHI Data Breaches: How to Reduce the Human Risk

As we wrap up 2017, the number of healthcare data breaches is up over 2016, with 41% caused by “insiders” per the Protenus Breach Barometer mid-year...

November 29, 2017

Better Together: Security & Privacy

When you think about protecting sensitive data, do you think about privacy or security? It’s a trick question because the answer should be “Both.”...

November 10, 2017

Small Businesses “Get It” when it comes to Cybersecurity

As we wrap up Cybersecurity Awareness Month, keep in mind that cybercriminals are indiscriminate in who they attack. Large business, small business,...

October 30, 2017

Why HIPAA Remains Important to Healthcare Data Protection

For the last eighteen months or so, media coverage of healthcare hasn’t been focused so much on HIPAA regulations, but on the cybersecurity strength...

September 18, 2017

3 Meaningful Steps for Data Breach Prevention and Preparation

Reported data breaches show that HIPAA violation settlements are on the upswing, both in terms of the number of individuals affected and financial...

July 19, 2017

Cybercriminals Don’t Discriminate: Size Doesn’t Matter

Whenever we read the latest headlines on cybercrimes and data breaches, it’s easy to slough it off as being something that only happens to the big...

July 7, 2017

Security Pros Expect Major Breach in 2 Years: Petya Another Warning

Sixty percent of respondents to the 2017 Black Hat survey believe that a successful cyber attack on U.S. critical infrastructure will occur in the...

June 27, 2017

Do You Know What Data You Have? And How To Protect It?

Data breaches are at an all-time high in 2017. Many organizations cover data under one big security blanket. But what if you’re missing some of the...

May 30, 2017

Understanding ISO-27001 Requirements

What is ISO-27001? ISO-27001 is a globally recognized security framework. It aims to “provide a model for establishing, implementing, operating,...

May 25, 2017

What is a SOC Report? Do I Need One?

SOC stands for Service Organizational Control. There are three types of SOC reports, but we’ll focus on the second one, which is “designed for the...

May 22, 2017

Using the WannaCry Ransomware Attack to Hone Prevention

It’s reported to have been one of the largest cyber extortion attacks to-date. The WannaCry (aka WanaCryptor 2.0) ransomware attack hit globally and...

May 9, 2017

Cybercrime: Why is the Healthcare Industry Under Siege?

Why is healthcare so heavily and successfully targeted by cybercrime? It’s a tough question, but after a record number of breaches last year – nearly...

March 14, 2017

Overview: Steps to Becoming HITRUST Certified

HITRUST. A term becoming increasingly popular in the healthcare arena. But what exactly is HITRUST? And what’s involved in becoming HITRUST certified?

February 3, 2017

How does your Breach Security Compare to the rest of the Healthcare Industry?

According to research conducted by Intel in 2015, avoiding breaches and associated business impacts is the top privacy and security concern across...

February 1, 2017

HIPAA in a Non-ACA World: Would Information Security Change?

Does a repeal or reworking of the Affordable Care Act mean that we should expect less focus on HIPAA and cybersecurity? Almost certainly not. In...

April 18, 2016

The Brave (not so new) World of Compliance & Cybersecurity

GUEST BLOG: Our guest blog post this week is written by Chris Apgar, CEO of Apgar and Associates, LLC. Chris is a recognized expert in Information...

April 5, 2016

Whipped Into Shape: 5 Compliance Questions To Ask Your Digital Health Partners

We are excited to have a guest blog post from Irina Ridley, Privacy and Compliance Officer for Omada Health. Irina offers practical guidance for...