BLOG

Demystifying the SOC 2 Process

Let’s take a closer look at what you can expect throughout the SOC 2 process, including the length of examinations, how to tailor the examination to your requirements, and key questions to ask to select a qualified partner.

Why you should get hacked...on purpose

With the average cost of a healthcare data breach exceeding $10 million and 60% of healthcare breaches stemming from vendors, it’s no surprise there has been an uptick in contracting requirements around third-party assurances like HITRUST, SOC 2, and others. These assurances are often tied to contract execution, particularly for those third parties that are handling significant amounts of PHI.

5 Green Flags to Look for in Your Healthcare Cybersecurity Assessor


HITRUST Redesigns CSF in v11 to Increase Efficiencies and Cyber Threat-Adaptive Assurances

HITRUST, the information risk management, standards, and certification body, has released HITRUST CSF version 11 to improve mitigations against evolving cyber threats, broaden the coverage of authoritative sources, and streamline the journey to higher levels of assurance. Meditology is an authorized HITRUST external assessor organization and we have a dedicated team of HITRUST experts available to discuss your specific certification needs.

CISA Publishes Cyber Performance Goals for Healthcare

What does it mean to win at cyber risk management? Succeeding in cybersecurity and risk management is not about stopping a single attack or checking a box for compliance or security control implementation accomplishments. It is not about climbing a mountain, planting a flag, and declaring victory. Instead, cyber risk management is a dynamic game where the rules, adversaries, and tactics are constantly changing and evolving. Cyber risk management has become the ultimate endurance sport that requires relentless conditioning, practice, teamwork, and assembling the right equipment, leaders, and gameplan to prevail day in and day out. This blog post provides a playbook for assembling elite healthcare cybersecurity and risk management programs that are built to endure and dominate the game we have all suited up to play.