ControlScan Blog

Posts published by: Kurt Osburn



  1. Home
  2. ControlScan Blog
  3. Posts published by: Kurt Osburn

Healthcare Data Security Requires Active Monitoring and Management

April 13, 2018Published by

As a security consultant, I’ve been in a lot of hospitals, clinics and practices—and I’ve seen a lot of “worry” over the cybersecurity threat landscape. I’d like to see more of this worry translate into action, because it’s just not happening.Other than worry, what can healthcare institutions and their IT/IS leaders do to protect electronic personal health information (ePHI)? I have been part of three major healthcare breaches and post-breach forensics revealed that two of them could have been limited in scope if they had been actively monitoring and alerting to changes inside their IT networks.

  Read More   

Healthcare Data on Your Mobile Device

January 26, 2018Published by

This morning I read that Apple is letting you keep your medical records on your iPhone or Apple Watch and it got me thinking: How secure will this data be? How well will people work to protect their personal health data? I am a cybersecurity guy and I am a skeptic, so let me give you some facts and then some things to think about.

  Read More   

Compliance or Security: What are you trying to accomplish?

August 16, 2017Published by

I’ve been an information security assessor (PCI, HIPAA, ISO, etc.) for a long time and it’s always interesting to find out why a company has brought me in to do an assessment.Is the goal to shore up their existing security environment, or just check a compliance box to make one of their clients or vendors happy? The answer to that question will usually determine the assessment’s success.

  Read More   

It’s Time to Redefine the IT Security Perimeter

June 5, 2017Published by

As an IT security assessment professional, my job is to look at companies’ data security zones and their network perimeter compliance. I am looking at the normal stuff: Firewalls, servers and hardening standards as required by PCI, HIPAA, ISO 27001, etc.Without properly implemented and maintained security technologies in place, it’s impossible to protect your perimeter from compromise. But are you truly clear on what that perimeter is?

  Read More   

The WannaCry Ransomware Attack: 5 Things IT Pros Can Learn

May 21, 2017Published by

Last week was a rough one in the IT world, as organizations around the globe scrambled to avoid being caught up in the WannaCry ransomware attack. If your organization was spared this round, it doesn’t mean you should pat yourself on the back and move on, business as usual. Fact is, most organizations aren’t at a state of security maturity that affords them this level of comfort.Read on for my list of 5 things any IT professional can learn from the WannaCry ransomware attack.

  Read More   

Four Common HIT Cybersecurity Gaps You Can Close Now

March 17, 2017Published by

The U.S. Department of Health and Human Services maintains an online database that HIT cybersecurity pros refer to as the “HHS Wall of Shame.” It’s an exhaustive listing of all healthcare data breaches resulting in the loss of 500 or more PHI records. No one wants to end up there, but the fact is, 318 healthcare organizations were listed on the HHS Wall of Shame in 2016. Altogether, these breaches were responsible for the loss of more than 16 million records.Understanding the security gaps that could put your organization on the Wall of Shame starts with conducting a proper risk assessment on a regular basis. In my experience, however, most organizations don’t ever get started. Read on to learn about the four common HIT cybersecurity gaps that can put you on the Wall of Shame, and how to close them.

  Read More   

Reviewing Human Security Risk in Your Organization

December 1, 2016Published by

Employees are one of the most overlooked and most dangerous areas of security risk in an organization. The human element is susceptible to all types of attack and error, not to mention their ability to act with malicious intent.While human security risk can never be completely eliminated, it can be significantly reduced. Read this ControlScan blog post to learn how.

  Read More   

The Healthcare Security Risk Assessment

October 25, 2016Published by

Countless healthcare organizations have been targeted recently by cyber attacks, and many were caught with little to no IT security safeguards in place. The most frustrating thing is that it could have been prevented if proactive security measures had been taken.

  Read More   




Back to Top