As 2016 draws to a close, it was a busy year for both companies defending themselves, and cyber criminals creating new forms of attack. As CEO of Ostendio, and a former CISO, I speak with a lot of different companies about what their security concerns are. Here are my predictions for what 2017 may ...

The Ostendio blog covered a lot of ground this year – from a 3-part series about Cybercrime in Healthcare – to the worst passwords your organization can use. As you review and prepare your risk and compliance strategies for the coming year, check out some of our client's most read blog posts from ...

After a lengthy process of “putting things to rights” in 17 states, Zenefits is paying up to US$7 million in penalties. As with other digital health companies penalized for non-compliance, the fast-growing benefits company has discovered the hard truth: compliance should not be an afterthought.

Demonstrating HIPAA compliance is a challenge for many digital health companies. In fact, smaller digital health companies often struggle to meet even the basic requirements of the HIPAA Privacy, Security, and Breach notification rules. Fortunately, Amazon Web Services and MS Azure, both of which ...

In our Cybercrime article series, we say that it’s a good idea to check if your back door is unlocked. But what if you are the back door? In June, Massachusetts General Hospital confirmed, and named, the third party vendor who was responsible for the cyberattack and security breach that exposed ...

There’s a streamlined way to get there. A growing number of digital health companies are being asked to adopt the HITRUST standard. You too may soon get asked. HITRUST is now the compliance standard for many large healthcare organizations like Anthem, Health Care Services Corp., Highmark, Humana, ...

Ransomware attacks are changing how companies put a price on cybersecurity, and making it a Board Room issue. Think back to the data breaches at Anthem, Care First Blue Cross Blue Shield or Premera Blue Cross. Individual patient records were exposed, potentially costing each entity millions of ...

In the last few months we have seen a spike in cybercrime with a series of ransomware attacks in the healthcare industry. Hospitals, from California to Washington DC, have been attacked. Unlike attacks in the past where stealing sensitive data was the goal, these attacks are designed to prevent the ...

GUEST BLOG: Our guest blog post this week is written by Chris Apgar, CEO of Apgar and Associates, LLC. Chris is a recognized expert in Information Security and Compliance. We are delighted to have him contribute to the Ostendio Blog.

We are excited to have a guest blog post from Irina Ridley, Privacy and Compliance Officer for Omada Health. Irina offers practical guidance for healthcare providers when considering digital health partners. See Irina's original LinkedIn post.

This week we saw yet another cybercrime attack on a large hospital system. This is the latest in a series of apparent ransomware attacks starting in California, then Kentucky and now Washington DC. In these attacks, hackers can essentially halt a large patient care system for several days. This has ...

Hospitals: The New Frontier for Medical Device Cybercrime

By now you may have heard about the recent ransom attack at Hollywood Presbyterian Medical Center. Hackers held the hospital’s electronics medical records (EMR) system hostage, demanding a ransom for their release, which the hospital paid. Your first thought was probably, “I wonder how they [the ...