BLOG

You Are Here. Mapping Out A Path to Security Program Maturity

While many healthcare entities have addressed some fundamental information security capabilities, our industry is still regarded in many ways as lagging behind other industries that are popular targets of data predators. Healthcare CISOs are grappling with the next phase of security risk management: How to move from inception to growth, maturity and ultimately a robust, proactive security environment that can meaningfully address the complexity and dynamic nature of our industry.

Privacy Data Breaches | The Importance of Assessing Business Associate Privacy Controls

It’s a typical Monday. An inbox full of emails, a calendar full of appointments and a fresh cup of coffee nearby. The phone rings and it’s a patient calling to report a possible inappropriate disclosure of their information. The patient’s mother is irate that a sensitive diagnosis was revealed in child support discussions. She is certain that the information came from your hospital. After calming the caller, you start your investigation and quickly find out that the breach was likely caused by an employee of your population health vendor.

Caught in a Spider’s Web | A Fly-By View of Healthcare Data Security Vulnerabilities

Just as a spider spins a web to catch unsuspecting insects, cybercriminals spin clever traps to capture patient data from healthcare organizations. Healthcare security executives must work on evolving their data security programs to avoid being caught in a dangerous web that can threaten patient health, security and privacy. Discover how your organization can evolve into a more secure entity designed to protect against current and emerging threats in the healthcare ecosystem.

The Evolving Landscape of Breach Notification Laws

GDPR has been a real game changer and has raised the bar when it comes to data breach notification and protecting personal data privacy. Following in the footsteps of the GDPR, the U.S. has seen several states issue significant changes concerning their data breach notification laws. This blog elaborates on new and upcoming breach notification laws.

The Dynamic Duo of HITRUST and SOC 2 Certifications

There is a dynamic duo in healthcare data security assurance: HITRUST CSF certification and SOC 2 attestation. Aligning your data security program with healthcare standards contained in HITRUST CSF and the SOC 2 attestation can bring numerous benefits. Pursuing these together in a full-scale security initiative offers an efficient approach to securing healthcare data.

Keeping Your Eyes Peeled to the OCR

At the recent HIMSS conference, the OCR provided an Enforcement Update where they outlined how they plan to approach enforcement with healthcare covered entities in 2019. As security and privacy consultants and advisors with our ears to the ground, we keep our eyes peeled for these important regulatory trends. What are the top trends that will have the biggest impact on healthcare security and privacy policy?

Stuck in the Middleware: Hidden Medical Device Security Weaknesses

Unmanaged medical and IoT devices have introduced a significant hurdle for security teams working to protect critical healthcare information and systems. A strategic direction for managing medical devices should be captured in a formal medical device security program and strategic plan. And while the “device” itself should be carefully evaluated for security risks, additional focus should be given to the middleware and platforms running behind the scenes.

Why Vendor Security Risk Management Belongs on the Boardroom Agenda

Even as third-party data breach activity continues to grow, the importance of third-party data security in board-level risk management strategy is not growing to match the need. In November 2018, the Ponemon Institute reported that among U.S. firms surveyed, 61 percent experienced a breach caused by third parties, up from 56 percent the previous year. However, only 46 percent of firms surveyed say managing relationship risk is a priority.