Business Associate to Business Associate: Selecting an Information Security and Privacy Framework

by Henry Sprafkin | Jun 7, 2021 | Blog

The first two installments in this series focused on risk management and risk-based control selection. While not a requirement, it is best to build the security control library based on an established control framework. There are over 200 different risk management,...

The Realities and Legalities of Risk Analysis and Risk Management in Healthcare

by Jon Moore | May 17, 2021 | Blog

Under the HIPAA Security Rule, covered entities and business associates are required to perform risk analysis on all systems that create, receive, maintain, or transmit electronic protected health information. In 2010, the Office for Civil Rights (OCR) published...

Penetration Testers Offer Real-World Advice About Threats, Securing Your Healthcare Organization

by Chris Dowhan, OSCP, GREM, GWAPT | May 11, 2021 | Blog

Today’s modern threat landscape is constantly evolving. Determined, opportunistic, and well-resourced threat actors continue to develop tools, tactics and techniques aimed at gaining access to systems, stealing data, and/or installing ransomware.  And...

Business Associate to Business Associate: A CISO’s Perspective on Applying Controls to Identified Risks

by Henry Sprafkin | Apr 21, 2021 | Blog

In my first blog in this series, I focused on how Business Associates can ensure the data they interact with on behalf of customers remains secure and confidential. I shared thoughts on the importance of risk analysis and how to focus resources on the most impactful...

HR 7898: More Incentive for Healthcare Entities to Adopt Cybersecurity Best Practices

by Jon Moore | Apr 6, 2021 | Blog

Signed into law by former President Trump on January 5 of this year. HR 7898 is an amendment or provision to the Health Information Technology for Economic and Clinical Health Act (HITECH Act). This new law requires the U.S. Department of Health and Human Services...