“Oftentimes people feel that if you’re compliant, you must be, by definition, secure,” says Bob Chaput, founder and CEO of Clearwater Compliance, a Nashville supplier of compliance and cyber-risk services. “It’s not true. Similarly, you can be very secure but not compliant with certain regulations. So we encourage organizations to think about not only those two risks, which are inextricably linked, but also about other risks with which they’re linked or they may trigger. For example, financial risk or reputational risk, or the risk if you don’t have the ability to attract and retain talented people.”

“There is no such thing as 100% compliance or 100% security, but prudent organizations and people put forth ongoing good-faith effort to be on top of both,” Chaput says. “The changing and dynamic threat landscape demands it.”

Read the entire article at HealthLeaders Media.