ControlScan Blog

Stay informed with the latest security + compliance updates, news and best practices.



  1. Home
  2. ControlScan Blog

HIPAA Compliance and the Million Dollar Laptop

August 14, 2020Published by

I must admit that when I sat down to write this blog post I felt a bit silly writing out the title “The Million Dollar Laptop.” This is not a post about a wildly overpriced and new, barely changed, or updated piece of tech that Apple is releasing, or some exorbitant gaming laptop that you are hoping to purchase to play Fortnite or Minecraft. No, this is about the simple neglect of a lost device. Neglect that cost a healthcare organization $1,040,000.00.

  Read More   

Building Healthcare Data Security into Your HIPAA Compliance

July 14, 2020Published by

In the world of healthcare, like any business environment, there is an important difference between being secure and being compliant. Sure, healthcare data security and HIPAA compliance share similarities, but one does not equal the other. Here’s how to build healthcare data security into your HIPAA compliance.

  Read More   

Healthcare Data Security Requires Active Monitoring and Management

April 13, 2018Published by

As a security consultant, I’ve been in a lot of hospitals, clinics and practices—and I’ve seen a lot of “worry” over the cybersecurity threat landscape. I’d like to see more of this worry translate into action, because it’s just not happening.Other than worry, what can healthcare institutions and their IT/IS leaders do to protect electronic personal health information (ePHI)? I have been part of three major healthcare breaches and post-breach forensics revealed that two of them could have been limited in scope if they had been actively monitoring and alerting to changes inside their IT networks.

  Read More   

Healthcare Data on Your Mobile Device

January 26, 2018Published by

This morning I read that Apple is letting you keep your medical records on your iPhone or Apple Watch and it got me thinking: How secure will this data be? How well will people work to protect their personal health data? I am a cybersecurity guy and I am a skeptic, so let me give you some facts and then some things to think about.

  Read More   

Healthcare Data Breaches, Compliance and the HIT “Fear Factor”

January 13, 2017Published by

It’s Friday the 13th and there’s a “fear factor” in health IT. If you don’t know where your HIT organization’s security and compliance weaknesses lie you’re likely feeling that fear—today and every day.But don’t try to fight off cyber criminals with monster spray! Read this blog post and learn how to arm your organization appropriately.

  Read More   

The Healthcare Security Risk Assessment

October 25, 2016Published by

Countless healthcare organizations have been targeted recently by cyber attacks, and many were caught with little to no IT security safeguards in place. The most frustrating thing is that it could have been prevented if proactive security measures had been taken.

  Read More   

Securing Patient Data: Where should your healthcare organization begin?

September 26, 2016Published by

Establishing a strong foundation of patient data security involves surrounding your healthcare organization with the right team of people. Here are five people you want on your side when it comes to fighting data breaches and ransomware.

  Read More   

The Moving Target of Healthcare Cybersecurity

June 3, 2016Published by

2015 became known as “the year of the healthcare breach,” with healthcare hit hard and representing over 39 percent of known breach events. Healthcare organizations of every size are realizing they can no longer afford to ignore the risks they are exposed to on a daily basis. It’s critical that today’s healthcare organizations protect patient […]

  Read More   

Get Ahead of the Bad Guys with Penetration Testing

May 20, 2016Published by

Your Company is Under Attack Your company’s networks are being probed, prodded and attacked countless times every day. Unless you’re watching your logs, you’re likely unaware all this activity is taking place. Awareness, being a critical element of an effective defense, is important to cultivate and nurture. The Science Behind the “Pen Test” How do […]

  Read More   

The 4 Core Tenets of Healthcare Data Security

April 4, 2016Published by

The healthcare industry has become the focus of intentional, targeted attacks. The healthcare data security threat landscape, once characterized by insider carelessness and petty theft, has turned much darker. Healthcare IT professionals have found it difficult to keep up with the broadening attack vectors. It’s no surprise, given the depth and breadth of the typical […]

  Read More   

Preventing Incidental Disclosure and Other PHI Data Loss [Video]

February 26, 2016Published by


Taking care to not disclose patient information is critical to the success of any healthcare organization. In this post and accompanying video clip, I discuss the security issues I commonly run across in the healthcare setting, as well as actionable tips for preventing their occurrence.

  Read More   

Next »



Back to Top