Is news of a data breach becoming “white noise”? Thanks to the sheer frequency of data breaches, the general attitude toward online security is becoming more “Meh” than “OMG.” That attitude, called breach fatigue, only ups the risk to our sensitive data.

Cyber experts like former Federal CISO Gregory Touhill feel that managing risk is paramount to, and more effective than, trying to defend everything, data-wise. He goes so far as to quote Frederick the Great, saying, “He who defends everything defends nothing.” That thought definitely applies to ...

No matter the criticism of the “rush job” regarding the newly passed AB375, the California Consumer Privacy Act, its underlying purpose makes it the strongest privacy law of any in the US. The Act places personal information privacy at the pinnacle for protection. No longer do strict privacy ...

That’s a million dollar question. No, really, it could literally cost you millions not to know. In doubt? Fresenius isn’t. It’s cost the dialysis chain a $3.5 million settlement for data breaches in 2012. The resolution agreement cites instances of unauthorized access and “impermissible ...

It’s not uncommon today for businesses to outsource certain services to third-parties. However, with outsourcing, the risks of the service organization are inherited by the company who hired them. In some cases, a third party vendor may be a crucial part of your business operations.When it comes to ...

No one ever looks forward to a compliance audit. However, there are steps you can take to alleviate some of the pains felt before an audit, and it all comes down to proper preparation. By building compliance processes into your internal structure, audits can become relatively painless - as well as ...

What’s your current approach to compliance? Policies and procedures in place, a security risk analysis every eighteen months, and an annual slide presentation for employees on HIPAA basics? With our increased reliance on data, as well as changing compliance rules and regulations, that's no longer ...

HITRUST (Health Information Trust Alliance) and NIST (National Institute of Standards and Technology) recently announced that they have teamed up and developed a certification designed to make it easier for security and compliance teams to demonstrate how they have implemented the framework. The ...

After more than two years dealing with the menace of being held hostage by ransomware, cryptominers are the last thing healthcare IT and security departments want to hear about. But the evolution of cyberthreats continue, with an April 2018 publication from HIMSS citing a recent report that the Q1 ...

When it comes to HIPAA compliance and cybersecurity, the danger comes with thinking one assures the other. It doesn’t. Just skim the daily headlines to know that the risk ransomware and human error bring to sensitive healthcare data proves that HIPAA alone is not enough to protect ePHI. It’s true ...

On Tuesday April 22nd, myself and Ostendio’s CEO, Grant Elliott, attend DCA LIVE’s 2018 BIG Cyber Growth Summit. As a cybersecurity product company headquartered in the greater Washington DC area, I found it very interesting to learn that only 11% of the 177-pure play cyber firms sell a product – ...

Study Shows that Healthcare's Internal Security Breaches Exceed External Ones Was that Lady Gaga in the emergency room? What kind of procedure is my ex having? If you’re a healthcare organization, curiosity is one reason why your employees are a data security threat. Yes, the recent Verizon DBIR ...

Phishing is quickly evolving to take advantage of that most difficult-to-prevent vulnerability: human error. A lack of security awareness can lead to an unsuspecting employee clicking on one innocuous looking email, launching the cyber-criminal's malignant malware. There goes the network. To put a ...

If you collect any EU resident’s identifying data as broadly defined under the EU’s General Data Protection Regulation, aka GDPR, you now have another set of privacy and security regulations with which to comply. Do you know what you need to do to get ready by 25 May 2018? Whether your company is ...

One of the key objectives when developing an effective security and compliance management program is to remain interdependent of core systems. While some integrations can offer significant time saving such as Single Sign-On, Ticketing, and Asset Management, typically there are more sophisticated ...