Security risk management and risk assessments
Ransomware is not a new cybersecurity threat; it has been around for over a decade. But the growing sophistication of this malicious scheme and increasing frequency of attacks have security professionals and law enforcement concerned. In 2015, the FBI issued…
On November 20th, Adm. Michael Rogers, Deputy Director of the NSA and head of the US Cyber Command, testified before the House Intelligence Committee that China and "one or two other countries" had the capability to launch cyber attacks on the U.S. that could shut down the electrical grid and other critical infrastructure systems.
If protecting the integrity of patient health care information were not already sufficient incentive to improve IT security, being HIPAA compliant has perks.
The biggest social engineering threat to organizations is not a specific type of scam, but a general lack of employee awareness.
The risk of a HIPAA risk analysis is in not selecting the right team for the job.
Covered entities and their business associates must conduct periodic HIPAA risk assessments (also known as a HIPAA risk analysis) under the HIPAA Security Rule and Omnibus Final Rule. For eligible covered entities, a HIPAA risk assessment is also a core requirement of their…
There are many HIPAA consultants, law firms, software companies, cloud service providers, and others who will happily provide you with a quote for a HIPAA security risk analysis. Neither the HIPAA Security Rule nor the respective references in Meaningful Use…
Redspin now offers a Business Associate Risk Analysis service that helps hospitals and other covered entities understand where their highest BA risk lies so that they can take preventive measures and/or implement contingency plans to mitigate that risk.
This is a painful illustration of both the seriousness of protecting patient health data and the challenges that healthcare organizations face in comprehensively addressing IT security risk.
Cyber insurance provides an opportunity to address residual risk in your information security program to offset the costs due to a data breach of ePHI. However, individual policies, coverage and exclusions are highly variable, so just like any security control, it's important to understand your security risk profile before an appropriate security insurance policy can be defined. An assessment, such as a HIPAA Security Risk Analysis, should be the first step in any insurance policy strategy. Here's why: A) You'll have to do it anyway, B) The safest approach is to avoid a breach in the first place, C) Your risk profile will enable a better tailored policy.