BLOG

Why you should get hacked...on purpose

With the average cost of a healthcare data breach exceeding $10 million and 60% of healthcare breaches stemming from vendors, it’s no surprise there has been an uptick in contracting requirements around third-party assurances like HITRUST, SOC 2, and others. These assurances are often tied to contract execution, particularly for those third parties that are handling significant amounts of PHI.

5 Green Flags to Look for in Your Healthcare Cybersecurity Assessor

With the average cost of a healthcare data breach exceeding $10 million and 60% of healthcare breaches stemming from vendors, it’s no surprise there has been an uptick in contracting requirements around third-party assurances like HITRUST, SOC 2, and others. These assurances are often tied to contract execution, particularly for those third parties that are handling significant amounts of PHI.

HITRUST Redesigns CSF in v11 to Increase Efficiencies and Cyber Threat-Adaptive Assurances

HITRUST, the information risk management, standards, and certification body, has released HITRUST CSF version 11 to improve mitigations against evolving cyber threats, broaden the coverage of authoritative sources, and streamline the journey to higher levels of assurance. Meditology is an authorized HITRUST external assessor organization and we have a dedicated team of HITRUST experts available to discuss your specific certification needs.

CISA Publishes Cyber Performance Goals for Healthcare

What does it mean to win at cyber risk management? Succeeding in cybersecurity and risk management is not about stopping a single attack or checking a box for compliance or security control implementation accomplishments. It is not about climbing a mountain, planting a flag, and declaring victory. Instead, cyber risk management is a dynamic game where the rules, adversaries, and tactics are constantly changing and evolving. Cyber risk management has become the ultimate endurance sport that requires relentless conditioning, practice, teamwork, and assembling the right equipment, leaders, and gameplan to prevail day in and day out. This blog post provides a playbook for assembling elite healthcare cybersecurity and risk management programs that are built to endure and dominate the game we have all suited up to play.

Cyber Risk Management: The Ultimate Endurance Sport

What does it mean to win at cyber risk management? Succeeding in cybersecurity and risk management is not about stopping a single attack or checking a box for compliance or security control implementation accomplishments. It is not about climbing a mountain, planting a flag, and declaring victory. Instead, cyber risk management is a dynamic game where the rules, adversaries, and tactics are constantly changing and evolving. Cyber risk management has become the ultimate endurance sport that requires relentless conditioning, practice, teamwork, and assembling the right equipment, leaders, and gameplan to prevail day in and day out. This blog post provides a playbook for assembling elite healthcare cybersecurity and risk management programs that are built to endure and dominate the game we have all suited up to play.

HIPAA Risk Analysis, Risk Assessment, & Evaluation: Is There a Difference?

We hear the terms risk assessment, risk analysis, and evaluation used routinely in healthcare settings, often in the context of HIPAA compliance. The big question: is there a material difference between these terms from a HIPAA regulatory perspective? Answering this question correctly is critical to maintaining HIPAA compliance and staying out of hot water with regulators. Many organizations that have misunderstood and misapplied these terms have ended up facing multi-million-dollar settlements with the Office for Civil Rights (OCR) for failure to comply with the HIPAA Security Rule.