by Henry Sprafkin | Jun 7, 2021 | Blog
The first two installments in this series focused on risk management and risk-based control selection. While not a requirement, it is best to build the security control library based on an established control framework. There are over 200 different risk management,...
by Jon Moore | May 17, 2021 | Blog
Under the HIPAA Security Rule, covered entities and business associates are required to perform risk analysis on all systems that create, receive, maintain, or transmit electronic protected health information. In 2010, the Office for Civil Rights (OCR) published...
by Chris Dowhan, OSCP, GREM, GWAPT | May 11, 2021 | Blog
Today’s threat landscape is constantly evolving. Determined, opportunistic, and well-resourced threat actors continue to develop tools, tactics, and techniques aimed at gaining access to systems, stealing data, and/or installing ransomware. And...
by Henry Sprafkin | Apr 21, 2021 | Blog
In my first blog in this series, I focused on how Business Associates can ensure the data they interact with on behalf of customers remains secure and confidential. I shared thoughts on the importance of risk analysis and how to focus resources on the most impactful...
by Jon Moore | Apr 6, 2021 | Blog
Signed into law by former President Trump on January 5 of this year, HR 7898 is an amendment or provision to the Health Information Technology for Economic and Clinical Health Act (HITECH Act). This new law requires the U.S. Department of Health and Human Services...