Many of our clients inquire about incorporating other standards into their SOC 2 exam. A common standard that is industry agnostic is the Center for Internet Security’s Critical Security Controls (CIS Controls). The CIS Controls are a set of best practices you can use to ensure you have a strong cybersecurity process in place.  ..read more

One of the frequent topics of discussion with my SOC 2 clients is the possibility of integrating the Health Insurance Portability and Accountability Act, as amended, (HIPAA) standards with their existing SOC 2 control set. As either a covered entity or business associate, they are required to comply with the HIPAA regulations ..read more

In the rapidly evolving digital landscape, the intersection of healthcare data privacy and online tracking technologies has become a focal point for both regulatory bodies and privacy advocates. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently published updated guidance on “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates,” illuminating the complexities and responsibilities that HIPAA-covered entities and their business associates face in this regard.  ..read more

As healthcare organizations increasingly rely on digital systems for patient care, they become attractive targets for cyber threats. Recognizing this crucial need, the U.S. Department of Health and Human Services (HHS) released the Healthcare and Public Health (HPH) Sector-Specific Cybersecurity Performance Goals, also known as HPH CPGs, on December 6, 2023 ..read more

As healthcare organizations increasingly rely on digital systems for patient care, they become attractive targets for cyber threats. Recognizing this crucial need, the U.S. Department of Health and Human Services (HHS) released the Healthcare and Public Health (HPH) Sector-Specific Cybersecurity Performance Goals, also known as HPH CPGs, on December 6, 2023 ..read more

Meditology has long been at the forefront of healthcare cybersecurity, aiding organizations in navigating the labyrinth of digital threats and compliance complexities. With our industry expertise, we bring a unique and authoritative perspective on the pivotal changes needed in the healthcare sector's approach to cybersecurity post the Change Healthcare incident. We believe the established norms of information security must evolve into a narrative of proactive incident response and cyber resilience ..read more

Artificial Intelligence (AI) systems, including natural language processing, machine learning applications, and continued emerging applications of AI, hold immense promise for the healthcare industry. However, the rapid evolution of these technologies introduces new risks, terminologies, and complexities. Trust in AI systems is paramount, ensuring they operate with the expected quality and integrity while meeting governance, ethical, and legal standards. In response to the evolving AI landscape, HITRUST introduces its AI Assurance Program, the first and only program with the ability to demonst ..read more

In this blog, we will provide a comprehensive comparison between Revision 1 and Revision 2, highlighting the key differences, improvements, and impacts on organizations ..read more

The U.S. Department of Health and Human Services' Office for Civil Rights (OCR) recently settled with Montefiore Medical Center, a non-profit hospital system in New York City, for several potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This incident underscores the importance of robust cybersecurity measures in healthcare organizations and provides valuable lessons for similar institutions.  ..read more

In this article, we'll explore CSF 2.0 specifically within the healthcare sector ..read more