
Introducing Crosswalk Assessments from Ostendio

Today is an exciting day for Ostendio customers as we launch the third component of our CrossWalk feature set - CrossWalk Assessments. This new...
Read

Check Out the Brand New Ostendio.com Website!

2019 has been a great year so far for Ostendio! More companies than ever are using MyVCM for Security and Risk Management (also called Integrated...
Read

What the HITRUST & NIST Alignment brings to Healthcare Organizations

You might have heard that HITRUST has launched a certification program for the NIST Cybersecurity Framework. The new certification for NIST...
Read

Risk Management: What does it Mean to your 2019 Security Strategy?

For CISOs, data risk is like a fire underfoot. Data’s very fluidity and its constant generation make a complete lockdown impossible - no matter...
Read

5 Things to Know Before Buying Compliance Management Software

How do you choose the right compliance management software? Technology can seriously streamline compliance management efforts and help you...
Read

What's Needed for the Private Market to Take Data Security Seriously?

After the Marriott data breach, the Quora breach, the Anthem breach, and the Uber breach… well, you get the picture. After all of these data...
Read

5 Data Privacy and Security Predictions for 2019

In 2018 we started to see the effect of a global grassroots movement that demands stronger data privacy parameters. As of December 2018, reported...
Read

3 Ways Tech Companies Can Benefit from a Security Risk Assessment

If you’re a technology company with the view that cybersecurity is largely an IT issue, you may take the attitude of “We’ve got this.” Hold that...
Read

Why Integrated Risk Management is Becoming the Preferred Approach to Data Security

There’s an inherent risk to doing business, particularly business that touches personal data. For years now, the business community – from healthcare...
Read

5 Ways to Integrate your Cybersecurity and Compliance Programs

Data breaches aren’t just a problem for security professionals. The impact is felt across the whole business—from your legal team, embroiled in...
Read

HITRUST vs HIPAA: What Are the Differences?

HITRUST Certification is growing in popularity. What started as a framework for the healthcare industry has now expanded to include other regulated...
Read

Why SMBs Need to Ramp up Security Awareness Training

Did you know that small to medium-sized businesses (SMBs) may have a higher cybersecurity risk than larger counterparts when you consider...
Read

5 Ways to Protect Your Workforce Against Breach Fatigue

Is news of a data breach becoming “white noise”? Thanks to the sheer frequency of data breaches, the general attitude toward online security is...
Read

Have you Identified What Data is Worth Defending?

Cyber experts like former Federal CISO Gregory Touhill feel that managing risk is paramount to, and more effective than, trying to defend everything,...
Read

Why the California Consumer Privacy Act is Important to all Online Users

No matter the criticism of the “rush job” regarding the newly passed AB375, the California Consumer Privacy Act, its underlying purpose makes it the...
Read

How do you Prevent Unauthorized Access to ePHI?

That’s a million dollar question. No, really, it could literally cost you millions not to know. In doubt? Fresenius isn’t. It’s cost the dialysis...
Read

Are you Managing your Vendor Risk?

It’s not uncommon today for businesses to outsource certain services to third-parties. However, with outsourcing, the risks of the service...
Read

Can a Compliance Audit be Pain-Free?

No one ever looks forward to a compliance audit. However, there are steps you can take to alleviate some of the pains felt before an audit, and it...
Read

How to Help Employees Rethink Compliance and Security

What’s your current approach to compliance? Policies and procedures in place, a security risk analysis every eighteen months, and an annual slide...
Read

What the HITRUST & NIST Alignment Brings to Healthcare Organizations

HITRUST (Health Information Trust Alliance) and NIST (National Institute of Standards and Technology) recently announced that they have teamed up and...
Read

Can you think like a cybercriminal? It may be your best defense against cryptominers.

After more than two years dealing with the menace of being held hostage by ransomware, cryptominers are the last thing healthcare IT and security...
Read

HIPAA Plus: What Healthcare Needs to Understand about Cybersecurity

When it comes to HIPAA compliance and cybersecurity, the danger comes with thinking one assures the other. It doesn’t. Just skim the daily headlines...
Read

Big Cyber Growth in the Greater Washington Area

On Tuesday April 22nd, myself and Ostendio’s CEO, Grant Elliott, attended DCA LIVE’s 2018 BIG Cyber Growth Summit. As a cybersecurity product company...
Read

Curiosity Killed the Healthcare Organization

Study Shows that Healthcare's Internal Security Breaches Exceed External Ones. Was that Lady Gaga in the emergency room? What kind of procedure is my...
Read

Security Awareness Training vs Human Error: Can it Make the Difference?

Phishing is quickly evolving to take advantage of that most difficult-to-prevent vulnerability: human error. A lack of security awareness can lead to...
Read

'We’re a US Company, the EU’s GDPR doesn’t apply!' Think again.

If you collect any EU resident’s identifying data as broadly defined under the EU’s General Data Protection Regulation, aka GDPR, you now have...
Read

Should you Integrate your GRC Platform with your Back-End Systems?

One of the key objectives when developing an effective security and compliance management program is to remain interdependent of core systems. While...
Read

How to Prepare for a SOC 2 Audit

Security certifications are fast becoming need-to-haves for vendors and technology firms. Certifications, such as SOC 2, can offer a cost-efficient...
Read

The Path to HITRUST Certification Success

If you’re reading this blog, you’re likely very aware that HITRUST certification and its proprietary MyCSF (Common Security Framework) is...
Read

I’m Not an IT Employee, How Can I Protect Sensitive Data?

With so much data being created, sometimes it’s hard to tell what’s sensitive data and what isn’t, what’s a risk to it and what’s not. This can be...
Read

To Pay or Not to Pay? Authorities say “No” to Ransomware Demands

According to Kaspersky, a company is hit by ransomware every 40 seconds. There’s a lot that goes into handling a ransomware cyberattack, not the least...
Read

Why the IoT Security of Medical Devices falls on Device Makers

When you’re a medical device manufacturer, your primary goal is to get your product into hospitals and care provider networks. The internet of things...
Read

How about a Cybersecurity Resolution for 2018?

It’s a new year with a new budget, and a new year’s resolution for laser-focus on cybersecurity. That should be easier to keep than the ones for no...
Read

Compliance and Security: Why One Does NOT Equal The Other

It’s an all-too-common misunderstanding, but a robust information security program doesn’t mean you’re in compliance with whatever regulations...
Read

ePHI Data Breaches: How to Reduce the Human Risk

As we wrap up 2017, the number of healthcare data breaches is up over 2016, with 41% caused by “insiders” per the Protenus Breach Barometer mid-year...
Read

Better Together: Security & Privacy

When you think about protecting sensitive data, do you think about privacy or security? It’s a trick question because the answer should be “Both.”...
Read

Small Businesses “Get It” when it comes to Cybersecurity

As we wrap up Cybersecurity Awareness Month, keep in mind that cybercriminals are indiscriminate in who they attack. Large business, small business,...
Read

Why HIPAA Remains Important to Healthcare Data Protection

For the last eighteen months or so, media coverage of healthcare hasn’t been focused so much on HIPAA regulations, but on the cybersecurity strength...
Read

The Road Ahead: Year-end Trends in Healthcare Cybersecurity

Healthcare data breaches account for over 22% of the data breaches so far in 2017. To put a number on it, that’s nearly 2 million health data...
Read

3 Meaningful Steps for Data Breach Prevention and Preparation

Reported data breaches show that HIPAA violation settlements are on the upswing, both in terms of the number of individuals affected and financial...
Read

Ostendio Nominated for Best Tech Start-Up

We’re proud to announce that Ostendio has been shortlisted as a finalist in the “Best Technology Startup” category for the Third Annual Timmy Awards....
Read

The Evolution of Ransomware and Prioritizing Healthcare Data

Has your organization experienced a data breach yet? Increasingly, odds are that you will, if you haven’t already. According to Protenus, 2017 is...
Read

Top InfoSec Conferences 2017 - 2018

Are you always on the lookout for the best InfoSec conferences to attend? We've found several helpful resources to point you in the right direction,...
Read

HIPAA & HITRUST: Learning to Walk, Before You Can Run

Are you considering HITRUST but haven’t yet put your HIPAA house in order? That’s similar to starting college when you’ve not yet earned your high...
Read

Cybercriminals Don’t Discriminate: Size Doesn’t Matter

Whenever we read the latest headlines on cybercrimes and data breaches, it’s easy to slough it off as being something that only happens to the big...
Read

Security Pros Expect Major Breach in 2 Years: Petya Another Warning

Sixty percent of respondents to the 2017 Black Hat survey believe that a successful cyber attack on U.S. critical infrastructure will occur in the...
Read

4th of July Tech Tips (and for Travel in General)

As America gears up for hot dogs, fireworks and celebrating with friends and family, keep in mind these five security tips to help protect your...
Read

Do You Know What Data You Have? And How To Protect It?

Data breaches are at an all-time high in 2017. Many organizations cover data under one big security blanket. But what if you’re missing some of the...
Read

5 Tips for Creating a Culture of Cybersecurity

You’ve likely heard about organizations having a culture of compliance but not as much about having a culture of cybersecurity. Yet as threats to our...
Read

Cybercrime in healthcare is the new normal. How can we reduce the number of attacks?

Ransomware is growing in popularity because it works. A recently released study by Google estimates that ransomware victims have paid over $25 million...
Read

Pledge 1%

Ostendio is proud to have joined the Pledge 1% organization, which is a corporate philanthropy movement dedicated to making the community a key...
Read

Understanding ISO-27001 Requirements

What is ISO-27001? ISO-27001 is a globally recognized security framework. It aims to “provide a model for establishing, implementing, operating,...
Read

What is a SOC Report? Do I Need One?

SOC stands for Service Organizational Control. There are three types of SOC reports, but we’ll focus on the second one, which is “designed for the...
Read

Using the WannaCry Ransomware Attack to Hone Prevention

It’s reported to have been one of the largest cyber extortion attacks to-date. The WannaCry (aka WanaCryptor 2.0) ransomware attack hit globally and...
Read

Cybercrime: Why is the Healthcare Industry Under Siege?

Why is healthcare so heavily and successfully targeted by cybercrime? It’s a tough question, but after a record number of breaches last year – nearly...
Read

Overview: Steps to Becoming HITRUST Certified

HITRUST. A term becoming increasingly popular in the healthcare arena. But what exactly is HITRUST? And what’s involved in becoming HITRUST certified?
Read

HIPAA Compliance and Cloud Service Providers

Having patients feel safe sharing sensitive health information is critical to the future of informed population health. How can you ensure that you...
Read

How does your Breach Security Compare to the rest of the Healthcare Industry?

According to research conducted by Intel in 2015, avoiding breaches and associated business impacts is the top privacy and security concern across...
Read

HIPAA in a Non-ACA World: Would Information Security Change?

Does a repeal or reworking of the Affordable Care Act mean that we should expect less focus on HIPAA and cybersecurity? Almost certainly not. In...
Read

Top 5 Predictions for Healthcare Cybersecurity in 2017

As 2016 draws to a close, it was a busy year for both companies defending themselves, and cyber criminals creating new forms of attack. As CEO of...
Read

End-of-Year Round Up: 3 Must Read Ostendio Blog Posts

The Ostendio blog covered a lot of ground this year – from a 3-part series about Cybercrime in Healthcare – to the worst passwords your organization...
Read

Compliance & Risk: Has the Zenefits Lesson Changed the Game?

After a lengthy process of “putting things to rights” in 17 states, Zenefits is paying up to US$7 million in penalties. As with other digital health...
Read

HITRUST for the digital health startup: Should you consider it?

Demonstrating HIPAA compliance is a challenge for many digital health companies. In fact, smaller digital health companies often struggle to meet even...
Read

Do No Harm!

Should Healthcare Privacy and Security Officers take the Hippocratic Oath to do no harm? A couple weeks ago my co-founder and Ostendio CEO, Grant...
Read

Cyberattacks: Vendor named as cause

In our Cybercrime article series, we say that it’s a good idea to check if your back door is unlocked. But what if you are the back door? In June,...
Read

FDA Guidance: “Go Ahead & Share”

FDA Guidance:...
Read

HITRUST Certification – Is your client requesting it?

There’s a streamlined way to get there. A growing number of digital health companies are being asked to adopt the HITRUST standard. You too may soon...
Read

Ransomware is changing Healthcare!

Read

Ransomware Cyberattacks: 7 Steps to Protect Yourself!

In the last few months we have seen a spike in cybercrime with a series of ransomware attacks in the...
Read

The Brave (not so new) World of Compliance & Cybersecurity

Read

Whipped Into Shape: 5 Compliance Questions To Ask Your Digital Health Partners

We are excited to have a guest blog post from Irina Ridley, Privacy and Compliance Officer for Omada Health. Irina offers practical guidance for...
Read

Cybercrime in Healthcare - Part 3

Read

Apple CareKit: What it means for Patient Privacy

Apple held their latest product unveil earlier this week and of course there was the obligatory newest iPhone announcement. What was more...
Read

Cybercrime in Health Care - Part 2

Read

Cybercrime - How safe is your health data?

Read

Zenefits is Just the tip of the Iceberg – 4 Reasons Why

The digital health market was rocked by the recent announcement that HR services darling Zenefits has gone from ‘rock star’ to a symbol of Silicon...
Read

Worst Passwords - are you using one of these?

Did you see the recent Forbes article on the 2015 worst passwords list? It is not hugely better news over last year’s list, but it is always a good...
Read

FDA takes on Mobile Security

A recent Healthcare IT News article revealed that 95% of FDA approved mobile health apps lack important technical protection layers. That means our...
Read

You Took an Online Risk Assessment!

THINK YOU ARE COMPLIANT? THINK AGAIN! A key first step in being compliant with most security regulations, including HIPAA, is the completion of an...
Read

Medical Identity Theft: Congress’s letter to OCR

In a letter from Congress to CMS (Centers for Medicare and Medicaid Services) and OCR (Office of Civil Rights) last month, the Senate HELP (Health,...
Read

What the 3 Little Pigs Can Teach Us about Risk Assessments!

Once upon a time,...
Read

It’s the people, stupid!

Why the big focus...
Read

4 Reasons why Healthcare Data Breaches will continue to rise! Part 2

Read

4 Reasons why Healthcare Data Breaches will continue! Part – 1

Digital health...
Read

A new standard for privacy in the cloud!

Read

Disney Passwords - exploding the myth of password complexity

Read

1776dc.com: Why Your Health Data Is Worth More Than Your Financial Data

Read

Will all health data soon be regulated?

Read

Achieving compliance in the cloud

Read

Concerned about HIPAA Compliance? If You’re a Health Startup, Yes

Read

HISTalk: Santa Claus, Flying Reindeer, and the HIPAA-Compliant Data Center

Read

Why mere compliance increases risk

Read

5 simple steps to secure your business

Read

Set the FDA mobile medical app guidance free! - Part 2

Read

Set the FDA mobile medical app guidance free!

Bradley Merrill Thompson publishes a great piece offering 5 factual reasons why we should all support publication of the FDA mobile medical app...
Read