Follow us on

BLOG

Shields Up: Russia/Ukraine Cyberwar Preparation & Response for Healthcare

Healthcare organizations are scrambling to adjust their cybersecurity preparation and response capabilities in the wake of potential cyberattacks stemming from the ongoing conflict between Russia and Ukraine. Meditology has been monitoring the situation closely and advising our healthcare clients on the latest threat vectors and response approaches. This blog post provides guidance for US-based healthcare entities for preparing and responding to cyberattacks and cyberwar tactics deployed as part of this ongoing conflict. Read More

Published On March 1, 2022

Case Study: Ransomware Locks Up 80% of 54-Hospital Health System

The U.S. Department of Health and Human Services (HHS) recently published an insightful ‘lessons learned’ document that chronicles a large-scale ransomware attack on the Health Service Executive (HSE) of Ireland. This blog provides a summary of the ransomware event, insights from HHS, and analysis and recommendations from Meditology based on our experience with helping healthcare organizations prevent and respond to ransomware attacks. Read More

Published On February 14, 2022

Healthcare SOC 2 FAQs

Cyberattacks against healthcare organizations and their business associate vendors have begun to threaten patient safety and fundamental business operations. As a result, SOC 2 audit reports have become one of the most common and cost-effective vehicles for healthcare organizations to demonstrate adoption of controls relevant to security, availability, confidentiality, processing integrity and privacy. We have compiled these SOC 2 frequently asked questions to support healthcare organizations and vendors supporting the healthcare ecosystem that are looking to pursue SOC 2 examinations. Read More

Published On January 18, 2022

Urgent Alert: Log4j Java/Apache Logging Vulnerability

A far-spanning zero-day vulnerability was exposed this week for the ubiquitous open-sourced logging utility called Log4j. Meditology is actively working with our clients and the third-party vendor population to understand the extent of deployment of Log4j and the impact and risk exposure it may create for healthcare organizations. This blog provides a short summary of the Log4j vulnerability as well as recommendations for remediation and risk mitigation for organizations and their third-party vendors. Read More

Published On December 16, 2021

HITRUST is Shaking Things Up: Details for the New HITRUST i1 Certification and bC Assessment

The demand for healthcare organizations to obtain some form of security certification is at an all-time high due to escalations in breaches across the healthcare industry and its supporting supply chain. HITRUST provides the most widely adopted security certification for healthcare entities with its flagship HITRUST CSF Validated certification. However, not all certifications are created equal, and the industry is outgrowing the one-size-fits-all certification model.  Read More

Published On November 22, 2021

Healthcare Security Risk Assessment & HIPAA Security Risk Analysis FAQs

Are you able to answer these questions about your security risk assessment process? Is a security risk assessment the same as a HIPAA security risk analysis? Does my organization need to assess every individual asset in our environment as part of a security risk assessment? Does a security certification like SOC 2 Type II, HITRUST CSF, or ISO count as a security risk assessment? Is a penetration test required for a security risk assessment? Is a HIPAA compliance review or gap assessment the same as a HIPAA Security Risk Analysis? Check out our security risk assessment FAQ to answer these and other related questions. Read More

Published On November 15, 2021

Take a Pen Test Pill: Inoculation for Ransomware

Ransomware attacks seem to have no end in sight. Many healthcare security leaders are seeing their friends and peer organizations get infected, their vendors are getting infected and spreading ransomware across the supply chain, and it seems like only a matter of time until everyone gets hit. A great deal of attention and energy is appropriately being spent on preparing for ransomware infections and response activities, but isn’t there some way we can prevent or reduce the likelihood of infection in the first place? Read More

Published On October 26, 2021

Healthcare Virtual CISO Success Factors

The talent shortage in cybersecurity has reached critical levels and healthcare organizations are struggling to find and retain qualified personnel. Our team here at Meditology has seen a significant uptick in placing our virtual CISO (vCISO), CISO as a Service, and Staff Augmentation resources out at clients who are struggling to find, place, and train the cyber talent. This blog post provides a collection of best practices for establishing a world-class cybersecurity program using virtual or traditional security staffing models. Read More

Published On October 11, 2021

Featured Blog Posts

The Future of HIPAA Regulations

Read

Cloud Security Risk Assessments Instrumental in Transforming Healthcare Organizations’ Cloud Security Posture

Read

Strengthening Medical Device Resiliency and Supply Chain Risk Preparedness in Clinical Settings

Read

How to Build a Resilient Third-Party Risk Management Program

Read
Keep Up
With Meditology
Be the first to receive exclusive IT risk management updates.