BLOG

Medical device security is top-of-mind for all healthcare organizations, and new FDA regulations address their complexity. Read the blog to learn more. Read More

With the average cost of a healthcare data breach exceeding $10 million and 60% of healthcare breaches stemming from vendors, it’s no surprise there has been an uptick in contracting requirements around third-party assurances like HITRUST, SOC 2, and others. These assurances are often tied to contract execution, particularly for those third parties that are handling significant amounts of PHI.   Read More

With the average cost of a healthcare data breach exceeding $10 million and 60% of healthcare breaches stemming from vendors, it’s no surprise there has been an uptick in contracting requirements around third-party assurances like HITRUST, SOC 2, and others. These assurances are often tied to contract execution, particularly for those third parties that are handling significant amounts of PHI.   Read More

HITRUST, the information risk management, standards, and certification body, has released HITRUST CSF version 11 to improve mitigations against evolving cyber threats, broaden the coverage of authoritative sources, and streamline the journey to higher levels of assurance. Meditology is an authorized HITRUST external assessor organization and we have a dedicated team of HITRUST experts available to discuss your specific certification needs. Read More

What does it mean to win at cyber risk management? Succeeding in cybersecurity and risk management is not about stopping a single attack or checking a box for compliance or security control implementation accomplishments. It is not about climbing a mountain, planting a flag, and declaring victory. Instead, cyber risk management is a dynamic game where the rules, adversaries, and tactics are constantly changing and evolving. Cyber risk management has become the ultimate endurance sport that requires relentless conditioning, practice, teamwork, and assembling the right equipment, leaders, and gameplan to prevail day in and day out. This blog post provides a playbook for assembling elite healthcare cybersecurity and risk management programs that are built to endure and dominate the game we have all suited up to play. Read More

This blog explores the cybersecurity requirements necessary for healthcare organizations to become a QHIN and plug into the national network of health information exchange facilitated by ONC’s TEFCA program. Read More

What does it mean to win at cyber risk management? Succeeding in cybersecurity and risk management is not about stopping a single attack or checking a box for compliance or security control implementation accomplishments. It is not about climbing a mountain, planting a flag, and declaring victory. Instead, cyber risk management is a dynamic game where the rules, adversaries, and tactics are constantly changing and evolving. Cyber risk management has become the ultimate endurance sport that requires relentless conditioning, practice, teamwork, and assembling the right equipment, leaders, and gameplan to prevail day in and day out. This blog post provides a playbook for assembling elite healthcare cybersecurity and risk management programs that are built to endure and dominate the game we have all suited up to play. Read More

We hear the terms risk assessment, risk analysis, and evaluation used routinely in healthcare settings, often in the context of HIPAA compliance. The big question: is there a material difference between these terms from a HIPAA regulatory perspective? Answering this question correctly is critical to maintaining HIPAA compliance and staying out of hot water with regulators. Many organizations that have misunderstood and misapplied these terms have ended up facing multi-million-dollar settlements with the Office for Civil Rights (OCR) for failure to comply with the HIPAA Security Rule. Read More