Strengthening Healthcare Security with Phishing Simulation and Training
Live Compliance Blog
by Jim Johnson
1y ago
As healthcare organizations store and manage sensitive patient information, they must ensure that their data is kept secure. One of the most effective ways to protect healthcare data is through phishing simulation and training. Phishing simulation is a process that tests the security knowledge of employees by sending out fake emails that resemble actual phishing attacks. These emails will contain malicious links or attachments that can cause potential harm to an organization if clicked. By running periodic phishing simulations, healthcare organizations can identify weak points in their securit ..read more
What is a security risk assessment and why do I need one?
Live Compliance Blog
by Jim Johnson
1y ago
As a small business, it's important to understand the HIPAA Security Rule and how to conduct a HIPAA risk assessment. A HIPAA security risk assessment will help you identify and mitigate potential risks when working with or around protected health information (PHI). The HIPAA Security Rule requires Covered Entities and Business Associates to conduct a risk assessment to determine if there is a significant risk of harm to individuals due to the impermissible use or disclosure of PHI. This requirement was first introduced in 2003, and has been extended in the HITECH Act 2009 to include procedur ..read more
Your Biggest Cybersecurity Risk: Your Employees
Live Compliance Blog
by Jim Johnson
2y ago
Cybercriminals work round the clock to detect and exploit vulnerabilities in your business’ network for nefarious gains. The only way to counter these hackers is by deploying a robust cybersecurity posture that’s built using comprehensive security solutions. However, while you’re caught up doing this, there is a possibility you may overlook mitigating the weakest link in your fight against cybercriminals — your employees. With remote work gaining traction and decentralized workspaces becoming the new norm, businesses like yours must strengthen their cybersecurity strategies to counter human e ..read more
First Step to Compliance: A Thorough and Accurate Risk Assessment
Live Compliance Blog
by Jim Johnson
2y ago
Complying with data privacy and protection regulations wouldn’t give several business owners sleepless nights if it only meant installing a predefined list of security solutions. Compliance goes way beyond this and for good reason. In principle, regulators, local or international, want businesses to: assess the type of data they store and manage; gauge the potential risks the data is exposed to; list down the remediation efforts needed to mitigate the risks; undertake necessary remediation efforts regularly; and most importantly, document every single step of this seemingly arduous process as ev ..read more
A 'Compliance First' Mindset Limits Liabilities for Small Business
Live Compliance Blog
by Jim Johnson
2y ago
By adopting a Compliance First strategy, when choosing solutions and vendors, you will identify those that do not comply with your requirements, eliminate them from your selection process, and then select from the rest. It also means evaluating your current solutions and vendors and replacing those that cannot support your compliance requirements. In simple terms, compliance is anything someone else makes you do. This means laws, regulations, contracts, and even the terms of a cyber insurance policy. Failure to act responsibly can have devastating results — hefty penalties, lawsuits, investig ..read more
WHY COMPLIANCE MUST BE A PRIORITY AT YOUR BUSINESS?
Live Compliance Blog
by Jim Johnson
2y ago
One of the many challenges you probably face as a business owner is dealing with the vague requirements present in HIPAA and PCI-DSS legislation. Due to the unclear regulatory messaging, “assuming” rather than “knowing” can land your organization in hot water with regulators. The Health and Human Services (HHS) Office for Civil Rights receives over 1,000 complaints and notifications of HIPAA violations every year. When it comes to PCI-DSS, close to 70% of businesses are non-compliant. While you might assume it’s okay if your business does not comply with HIPAA or PCI-DSS since many other comp ..read more
Managed Compliance as a Service May Be the Answer to Healthcare Compliance Challenges
Live Compliance Blog
by tina7817
2y ago
The healthcare industry has been going through a difficult phase. While the COVID-19 pandemic overwhelmed health infrastructures across the globe, cyberattacks targeting the industry are skyrocketing. In 2020, healthcare was the worst affected industry by cybercrimes. Experts suggest that this trend will continue into 2021 and beyond. This is a reminder for organizations to regularly upgrade their security and compliance posture during these times of uncertainty. According to a report, cybercrime has shot up by over 300% since the start of the pandemic. Here are a few significant attacks on t ..read more
5 Security Risk Analysis Myths in the Healthcare Industry
Live Compliance Blog
by Jim Johnson
2y ago
The COVID-19 pandemic threw multiple challenges at the healthcare industry. The sector saw a steep increase in demand that led to the collapse of health infrastructures in different parts of the world. What’s more, the industry experienced an unprecedented cybercrime surge. According to a report, the most attacked sector in 2020 was healthcare,1 and experts expect this trend to continue into 2021 and beyond. Increased adoption of a hybrid workforce model and telemedicine have created vulnerabilities threat actors are eager to exploit. Protected Health Information (PHI) threats are a significa ..read more
OCR Settles Nineteenth Investigation in HIPAA Right of Access Initiative
Live Compliance Blog
by Jim Johnson
2y ago
June 02, 2021 The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announces its nineteenth settlement of an enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative to support individuals' right to timely access their health records at a reasonable cost under the HIPAA Privacy Rule. The Diabetes, Endocrinology & Lipidology Center, Inc. (“DELC”) has agreed to take corrective actions and pay $5,000 to settle a potential violation of the HIPAA Privacy Rule's right of access standard. DELC is a West Virginia based healthcare p ..read more
OCR Settles Eighteenth Investigation in HIPAA Right of Access Initiative
Live Compliance Blog
by Jim Johnson
2y ago
March 26, 2021 The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announces its eighteenth settlement of an enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative to support individuals' right to timely access of their health records at a reasonable cost under the HIPAA Privacy Rule. Village Plastic Surgery ("VPS") has agreed to take corrective actions and pay $30,000 to settle a potential violation of the HIPAA Privacy Rule's right of access standard. VPS is located in New Jersey and provides cosmetic plastic surgery servi ..read more
