ControlScan Blog

Stay informed with the latest security + compliance updates, news and best practices.



  1. Home
  2. ControlScan Blog

HIPAA Compliance and the Million Dollar Laptop

August 14, 2020Published by

I must admit that when I sat down to write this blog post I felt a bit silly writing out the title “The Million Dollar Laptop.” This is not a post about a wildly overpriced and new, barely changed, or updated piece of tech that Apple is releasing, or some exorbitant gaming laptop that you are hoping to purchase to play Fortnite or Minecraft. No, this is about the simple neglect of a lost device. Neglect that cost a healthcare organization $1,040,000.00.

  Read More   

Building Healthcare Data Security into Your HIPAA Compliance

July 14, 2020Published by

In the world of healthcare, like any business environment, there is an important difference between being secure and being compliant. Sure, healthcare data security and HIPAA compliance share similarities, but one does not equal the other. Here’s how to build healthcare data security into your HIPAA compliance.

  Read More   

What Can COVID-19 Teach Us About Preventing a Security Pandemic?

May 1, 2020Published by

We can learn a lot from the same protective measures that are working to defeat this insidious coronavirus enemy. The parallels are striking between the social and professional measures that are swiftly becoming business-as-usual, and the security measures that should have been business-as-usual all along. Now may be the perfect time to remind ourselves of a few.

  Read More   

Healthcare Data Security Requires Active Monitoring and Management

April 13, 2018Published by

As a security consultant, I’ve been in a lot of hospitals, clinics and practices—and I’ve seen a lot of “worry” over the cybersecurity threat landscape. I’d like to see more of this worry translate into action, because it’s just not happening.Other than worry, what can healthcare institutions and their IT/IS leaders do to protect electronic personal health information (ePHI)? I have been part of three major healthcare breaches and post-breach forensics revealed that two of them could have been limited in scope if they had been actively monitoring and alerting to changes inside their IT networks.

  Read More   

Healthcare Data on Your Mobile Device

January 26, 2018Published by

This morning I read that Apple is letting you keep your medical records on your iPhone or Apple Watch and it got me thinking: How secure will this data be? How well will people work to protect their personal health data? I am a cybersecurity guy and I am a skeptic, so let me give you some facts and then some things to think about.

  Read More   

The WannaCry Ransomware Attack: 5 Things IT Pros Can Learn

May 21, 2017Published by

Last week was a rough one in the IT world, as organizations around the globe scrambled to avoid being caught up in the WannaCry ransomware attack. If your organization was spared this round, it doesn’t mean you should pat yourself on the back and move on, business as usual. Fact is, most organizations aren’t at a state of security maturity that affords them this level of comfort.Read on for my list of 5 things any IT professional can learn from the WannaCry ransomware attack.

  Read More   

New Data Security Warning for FTP Use in Healthcare

April 19, 2017Published by

FTP servers are essential for sharing files and data, but healthcare providers continue to utilize them in an insecure manner. Just last year, the ControlScan Security Consulting team saw this in action within a large healthcare organization. What happens when FTP goes wrong and how can you prevent your FTP server from leaking ePHI? Read on to find out.

  Read More   

Four Common HIT Cybersecurity Gaps You Can Close Now

March 17, 2017Published by

The U.S. Department of Health and Human Services maintains an online database that HIT cybersecurity pros refer to as the “HHS Wall of Shame.” It’s an exhaustive listing of all healthcare data breaches resulting in the loss of 500 or more PHI records. No one wants to end up there, but the fact is, 318 healthcare organizations were listed on the HHS Wall of Shame in 2016. Altogether, these breaches were responsible for the loss of more than 16 million records.Understanding the security gaps that could put your organization on the Wall of Shame starts with conducting a proper risk assessment on a regular basis. In my experience, however, most organizations don’t ever get started. Read on to learn about the four common HIT cybersecurity gaps that can put you on the Wall of Shame, and how to close them.

  Read More   

Healthcare Data Breaches, Compliance and the HIT “Fear Factor”

January 13, 2017Published by

It’s Friday the 13th and there’s a “fear factor” in health IT. If you don’t know where your HIT organization’s security and compliance weaknesses lie you’re likely feeling that fear—today and every day.But don’t try to fight off cyber criminals with monster spray! Read this blog post and learn how to arm your organization appropriately.

  Read More   

The Healthcare Security Risk Assessment

October 25, 2016Published by

Countless healthcare organizations have been targeted recently by cyber attacks, and many were caught with little to no IT security safeguards in place. The most frustrating thing is that it could have been prevented if proactive security measures had been taken.

  Read More   

Securing Patient Data: Where should your healthcare organization begin?

September 26, 2016Published by

Establishing a strong foundation of patient data security involves surrounding your healthcare organization with the right team of people. Here are five people you want on your side when it comes to fighting data breaches and ransomware.

  Read More   

The Moving Target of Healthcare Cybersecurity

June 3, 2016Published by

2015 became known as “the year of the healthcare breach,” with healthcare hit hard and representing over 39 percent of known breach events. Healthcare organizations of every size are realizing they can no longer afford to ignore the risks they are exposed to on a daily basis. It’s critical that today’s healthcare organizations protect patient […]

  Read More   

Get Ahead of the Bad Guys with Penetration Testing

May 20, 2016Published by

Your Company is Under Attack Your company’s networks are being probed, prodded and attacked countless times every day. Unless you’re watching your logs, you’re likely unaware all this activity is taking place. Awareness, being a critical element of an effective defense, is important to cultivate and nurture. The Science Behind the “Pen Test” How do […]

  Read More   

Next »



Back to Top