Penetration Testers Offer Real-World Advice About Threats, Securing Your Healthcare Organization

by Chris Dowhan, OSCP, GREM, GWAPT | May 11, 2021 | Blog

Today’s modern threat landscape is constantly evolving. Determined, opportunistic, and well-resourced threat actors continue to develop tools, tactics and techniques aimed at gaining access to systems, stealing data, and/or installing ransomware.  And...

Business Associate to Business Associate: A CISO’s Perspective on Applying Controls to Identified Risks

by Henry Sprafkin | Apr 21, 2021 | Blog

In my first blog in this series, I focused on how Business Associates can ensure the data they interact with on behalf of customers remains secure and confidential. I shared thoughts on the importance of risk analysis and how to focus resources on the most impactful...

HR 7898: More Incentive for Healthcare Entities to Adopt Cybersecurity Best Practices

by Jon Moore | Apr 6, 2021 | Blog

Signed into law by former President Trump on January 5 of this year. HR 7898 is an amendment or provision to the Health Information Technology for Economic and Clinical Health Act (HITECH Act). This new law requires the U.S. Department of Health and Human Services...

A Look at the Impact of the MD Anderson Court of Appeals Decision on OCR and Your Healthcare Entity

by Jon Moore | Mar 26, 2021 | Blog

Since finalizing the HIPAA Privacy and Security Rules in 2003, the Office for Civil Rights (“OCR”) has looked into more than a quarter-million HIPAA complaints and launched more than 1,000 compliance reviews. OCR has resolved approximately 90% of these...

Business Associate to Business Associate: A CISO’s Perspective

by Henry Sprafkin | Mar 17, 2021 | Blog

As CISO for Clearwater, I am responsible not only to internal stakeholders, but to customers as well. We take very seriously the responsibility to implement the processes and controls necessary to meet and exceed the requirements of our customers and ensure the data...