ControlScan Blog

Stay informed with the latest security + compliance updates, news and best practices.



  1. Home
  2. ControlScan Blog

Healthcare Data Security Requires Active Monitoring and Management

April 13, 2018Published by

As a security consultant, I’ve been in a lot of hospitals, clinics and practices—and I’ve seen a lot of “worry” over the cybersecurity threat landscape. I’d like to see more of this worry translate into action, because it’s just not happening.Other than worry, what can healthcare institutions and their IT/IS leaders do to protect electronic personal health information (ePHI)? I have been part of three major healthcare breaches and post-breach forensics revealed that two of them could have been limited in scope if they had been actively monitoring and alerting to changes inside their IT networks.

  Read More   

Why Payment Security Innovation is in Hyperdrive

March 29, 2018Published by

Outpacing cybercriminals’ tools and techniques is tough work, and that’s why the payments industry is embracing payment security innovation. ControlScan Executive Chairman Tom Wimsett recently sat down with Jason Oxman, CEO of the ETA, to discuss the challenges facing acquirers, ISOs, processors and payment facilitators as they work to assist merchants with security and compliance.

  Read More   

Healthcare Data on Your Mobile Device

January 26, 2018Published by

This morning I read that Apple is letting you keep your medical records on your iPhone or Apple Watch and it got me thinking: How secure will this data be? How well will people work to protect their personal health data? I am a cybersecurity guy and I am a skeptic, so let me give you some facts and then some things to think about.

  Read More   

Your Penetration Test Cost is About to Go Up

December 12, 2017Published by

Penetration tests have always had a higher price tag, but their overall cost to you is about to increase in 2018. Here’s what’s changing and how you can keep these costs contained in 2018 and beyond.

  Read More   

Phishing Attempts: Increasingly Prevalent and Sophisticated

November 17, 2017Published by

When they’re successful, phishing attempts can have a significant impact on you personally, as well as on your workplace. They begin innocently enough—a seemingly legitimate DocuSign request or email from a friend—but they can quickly turn your world upside down.Avoid becoming a victim of phishing by following these 3 best practices.

  Read More   

ASV Revalidation and the ’53 Yankees

October 30, 2017Published by

On October 5th, 1953, the New York Yankees became the only team in baseball history to win five championships in a row. Today I’m pleased to tell you that ControlScan has passed the PCI Approved Scanning Vendor (ASV) revalidation test, also for the fifth consecutive year!This was no easy feat. Read on to learn how we did it.

  Read More   

Wi-Fi Security Takes a Hit

October 23, 2017Published by

Last week, it was announced that the Wi-Fi security protocol WPA2 has a serious flaw. WPA2 is the current encryption standard; there is nothing generally available that’s known to be more secure.Wi-Fi has become a necessity for businesses everywhere, so disconnecting and waiting for a solution to the current Wi-Fi security flaw isn’t an option. The answer lies in a layered approach to your security efforts.

  Read More   

Minimizing the Human Impact on Data Security

August 28, 2017Published by

These days many organizations do not feel confident about their ability prevent a data breach, mainly because they feel they can’t trust the humans working for them. And for good reason! Cyber criminals continue to exploit the human element, which was blamed for over 400 reported data breaches and 7.6 million+ compromised records in 2016.Regardless of whether the employee is knowingly part of a malicious effort, or is inadvertently involved in allowing an intrusion or other form of unintended disclosure, a breach of valuable data is not what you want to have happen. Therefore, you must minimize the human impact.

  Read More   

Compliance or Security: What are you trying to accomplish?

August 16, 2017Published by

I’ve been an information security assessor (PCI, HIPAA, ISO, etc.) for a long time and it’s always interesting to find out why a company has brought me in to do an assessment.Is the goal to shore up their existing security environment, or just check a compliance box to make one of their clients or vendors happy? The answer to that question will usually determine the assessment’s success.

  Read More   

Next »



Back to Top