BLOG

PCI DSS v4.0 Released: Compliance Requirements for Healthcare Organizations

The PCI Security Standards Council has released the much-anticipated PCI DSS version 4.0 this week. The update is several years in the making and includes significant control requirement overhauls. Healthcare organizations must update policies, procedures, and control requirements to maintain compliance with the new PCI v4.0 standard. This blog post provides details about the new requirements for PCI v4.0 and the timing for compliance for healthcare entities.

Shields Up: Russia/Ukraine Cyberwar Preparation & Response for Healthcare

Healthcare organizations are scrambling to adjust their cybersecurity preparation and response capabilities in the wake of potential cyberattacks stemming from the ongoing conflict between Russia and Ukraine. Meditology has been monitoring the situation closely and advising our healthcare clients on the latest threat vectors and response approaches. This blog post provides guidance for US-based healthcare entities for preparing and responding to cyberattacks and cyberwar tactics deployed as part of this ongoing conflict.

Healthcare SOC 2 FAQs

Cyberattacks against healthcare organizations and their business associate vendors have begun to threaten patient safety and fundamental business operations. As a result, SOC 2 audit reports have become one of the most common and cost-effective vehicles for healthcare organizations to demonstrate adoption of controls relevant to security, availability, confidentiality, processing integrity and privacy. We have compiled these SOC 2 frequently asked questions to support healthcare organizations and vendors supporting the healthcare ecosystem that are looking to pursue SOC 2 examinations.

HITRUST is Shaking Things Up: Details for the New HITRUST i1 Certification and bC Assessment

The demand for healthcare organizations to obtain some form of security certification is at an all-time high due to escalations in breaches across the healthcare industry and its supporting supply chain. HITRUST provides the most widely adopted security certification for healthcare entities with its flagship HITRUST CSF Validated certification. However, not all certifications are created equal, and the industry is outgrowing the one-size-fits-all certification model.

Healthcare Security Risk Assessment & HIPAA Security Risk Analysis FAQs

Are you able to answer these questions about your security risk assessment process? Is a security risk assessment the same as a HIPAA security risk analysis? Does my organization need to assess every individual asset in our environment as part of a security risk assessment? Does a security certification like SOC 2 Type II, HITRUST CSF, or ISO count as a security risk assessment? Is a penetration test required for a security risk assessment? Is a HIPAA compliance review or gap assessment the same as a HIPAA Security Risk Analysis? Check out our security risk assessment FAQ to answer these and other related questions.

Healthcare CISOs Sound Off, Volume 3: HIPAA Compliance and Risk Management

The CyberPHIx is an audio podcast series that presents expert viewpoints on data security strategies for organizations handling patient health or personal information in the delivery of health-related services. Volume 3 of our "Healthcare CISOs Sound Off" blog series will address HIPAA compliance as part of a larger risk management program. This blog compiles quotes and recordings from some of the industry’s best and brightest leaders related to this important area of focus for healthcare risk management programs.

How Hackers Hold Hospitals, and Your Health, for Ransom | WebMD

Article by Paul Frysh, WebMD | Brian Selfridge knew his time was up. From his perch in a locked conference room with the blinds half closed, he could see two members of the hospital IT team rounding the corner with what looked like a clear sense of purpose. He suppressed a smile as he watched the pair running circles around each other. One of them -- brow furrowed, eyes buried in an open laptop -- walked right past his room, saying, "He's right here! He's got to be!"