That’s a million dollar question. No, really, it could literally cost you millions not to know. In doubt? Fresenius isn’t. It’s cost the dialysis chain a $3.5 million settlement for data breaches in 2012. The resolution agreement cites instances of unauthorized access and “impermissible ...

It’s not uncommon today for businesses to outsource certain services to third-parties. However, with outsourcing, the risks of the service organization are inherited by the company who hired them. In some cases, a third party vendor may be a crucial part of your business operations.When it comes to ...

No one ever looks forward to a compliance audit. However, there are steps you can take to alleviate some of the pains felt before an audit, and it all comes down to proper preparation. By building compliance processes into your internal structure, audits can become relatively painless - as well as ...

What’s your current approach to compliance? Policies and procedures in place, a security risk analysis every eighteen months, and an annual slide presentation for employees on HIPAA basics? With our increased reliance on data, as well as changing compliance rules and regulations, that's no longer ...

HITRUST (Health Information Trust Alliance) and NIST (National Institute of Standards and Technology) recently announced that they have teamed up and developed a certification designed to make it easier for security and compliance teams to demonstrate how they have implemented the framework. The ...

After more than two years dealing with the menace of being held hostage by ransomware, cryptominers are the last thing healthcare IT and security departments want to hear about. But the evolution of cyberthreats continue, with an April 2018 publication from HIMSS citing a recent report that the Q1 ...

When it comes to HIPAA compliance and cybersecurity, the danger comes with thinking one assures the other. It doesn’t. Just skim the daily headlines to know that the risk ransomware and human error bring to sensitive healthcare data proves that HIPAA alone is not enough to protect ePHI. It’s true ...

On Tuesday April 22nd, myself and Ostendio’s CEO, Grant Elliott, attend DCA LIVE’s 2018 BIG Cyber Growth Summit. As a cybersecurity product company headquartered in the greater Washington DC area, I found it very interesting to learn that only 11% of the 177-pure play cyber firms sell a product – ...

Study Shows that Healthcare's Internal Security Breaches Exceed External Ones Was that Lady Gaga in the emergency room? What kind of procedure is my ex having? If you’re a healthcare organization, curiosity is one reason why your employees are a data security threat. Yes, the recent Verizon DBIR ...

Phishing is quickly evolving to take advantage of that most difficult-to-prevent vulnerability: human error. A lack of security awareness can lead to an unsuspecting employee clicking on one innocuous looking email, launching the cyber-criminal's malignant malware. There goes the network. To put a ...

If you collect any EU resident’s identifying data as broadly defined under the EU’s General Data Protection Regulation, aka GDPR, you now have another set of privacy and security regulations with which to comply. Do you know what you need to do to get ready by 25 May 2018? Whether your company is ...

One of the key objectives when developing an effective security and compliance management program is to remain interdependent of core systems. While some integrations can offer significant time saving such as Single Sign-On, Ticketing, and Asset Management, typically there are more sophisticated ...

Security certifications are fast becoming need-to-haves for vendors and technology firms.

If you’re reading this blog, you’re likely very aware that HITRUST certification and its proprietary MyCSF (Common Security Framework) is increasingly becoming the default choice for healthcare organizations. According to HITRUST’s over 80% of hospitals and health plans with over 500,000 members ...

With so much data being created, sometimes it’s hard to tell what’s sensitive data and what isn’t, what’s a risk to it and what’s not. This can be especially true if you don’t work in IT or Compliance. But if you’re an employee who uses a computer, sends and receives email, texts, uploads or ...