March 17, 2017 •
The U.S. Department of Health and Human Services maintains an online database that HIT cybersecurity pros refer to as the “HHS Wall of Shame.” It’s an exhaustive listing of all healthcare data breaches resulting in the loss of 500 or more PHI records. No one wants to end up there, but the fact is, 318 healthcare organizations were listed on the HHS Wall of Shame in 2016. Altogether, these breaches were responsible for the loss of more than 16 million records.
Understanding the security gaps that could put your organization on the Wall of Shame starts with conducting a proper risk assessment on a regular basis. In my experience, however, most organizations don’t ever get started. Read on to learn about the four common HIT cybersecurity gaps that can put you on the Wall of Shame, and how to close them.
Security Assessments • Vulnerability Management
February 19, 2017 •
Your business relies on antivirus technology to keep the bad guys out, all the time and every time. But what if I told you that cybersecurity professionals have been noticing a downward trend in antivirus software effectiveness for a while now?
The fact is, malware has advanced to become more complex and automated, while the malware protection most businesses have come to rely on has not kept pace. What’s next in malware protection for your business?
Endpoint Security • Malware
January 13, 2017 •
It’s Friday the 13th and there’s a “fear factor” in health IT. If you don’t know where your HIT organization’s security and compliance weaknesses lie you’re likely feeling that fear—today and every day.
But don’t try to fight off cyber criminals with monster spray! Read this blog post and learn how to arm your organization appropriately.
Network Security • Security Assessments • Vulnerability Management
January 9, 2017 •
Each information security framework was created for a purpose, but the shared goal is some form of assurance that sensitive data is effectively protected. Unfortunately, compliance requests vary by client and too frequently are based on incorrect assumptions or a check-list mentality that jeopardizes true information security.
Identifying the right security framework (or set of frameworks) for your organization not only provides real information security assurance, it also gives you the opportunity to consolidate the audits you’re conducting or undergoing to save valuable time and money.
December 1, 2016 •
Employees are one of the most overlooked and most dangerous areas of security risk in an organization. The human element is susceptible to all types of attack and error, not to mention their ability to act with malicious intent.
While human security risk can never be completely eliminated, it can be significantly reduced. Read this ControlScan blog post to learn how.
Access Control • Malware • Security Awareness
November 15, 2016 •
Third party relationships make your life easier in a multitude of ways, from streamlining processes, to providing additional human resources, to ensuring operational efficiency. Unfortunately, these relationships also introduce increased business risk related to data security and compliance.
If one or more of your third party vendors doesn’t maintain a strong security posture and is consequently compromised, your business could very well end up sharing the burden of recovery. Read this ControlScan blog post for three steps you can take to lessen your business’s third party risk.
Internet of Things • Network Security