
Compliance and Information Risk Management Blog

Cyber Contagions Knock Out Hospital Systems — Prompting Triaging of Cybersecurity to Code Red Status

Typically, when hospitals declare emergencies, it’s for incoming patients—not their own internal computer systems. But, in March 2016, Methodist Hospital in Henderson, Kentucky, declared an emergency.

After being hit by a ransomware infection, the hospital placed a scrolling red alert on its homepage stating: “Methodist Hospital is currently working in an Internal State of Emergency due […]

July 19th, 2016 | Blog

Exclusive Webinar for American Hospital Association (AHA) Members

On July 27th, 2016, an OCR HIPAA investigator will share an insider’s view of Office for Civil Rights (OCR) Phase 2 Audit readiness

OCR allows 10 days to respond to a Phase 2 audit request. Are there still gaps in your HIPAA compliance program?   

Similar to Phase 1, the Phase 2 audit protocol includes a comprehensive review of […]

July 12th, 2016 | Blog

Clearwater Compliance Prepares to Unveil a New Version of IRM|Pro™ Software Suite

Not Just Another Pretty Face!

Within a few weeks, Clearwater will be unveiling new versions of our IRM|Analysis™, IRM|Security™, and IRM|Privacy™ software products designed with enhanced workflow and streamlined efficiency in mind.

The abundance of content and features contained within our suite of advanced, powerful software tools has evolved to the point that we wanted to provide […]

June 30th, 2016 | Blog

Studies Show CEOs Unwilling to Take Responsibility for Cybersecurity

Who’s Responsible for Cybersecurity? Industry Searches for Clear Answers

We’re now living in what has been called the “era of the mega breach.” Globally, businesses are estimated to lose $445 billion annually due to cybercrime, according to the Center for Strategic and International Studies. What’s more, the overall threat landscape has evolved significantly with respect to […]

June 22nd, 2016 | Blog

Preview: A Simpler And Better Alternative To The HITRUST Mandate For Third Party Risk Management In Healthcare

Guest post contributed by: Kamal Govindaswamy, CISSP, CIPP/US, CCSP, Principal, RisknCompliance Consulting Group

I have written my opinion about HITRUST CSF/RMF and the HITRUST certification mandate starting with my first open letter to the HITRUST Alliance last fall, and subsequently – second and third letters.

More recently, I have been thinking about an alternative approach to […]

June 16th, 2016 | Blog

Bipartisan House Bill to Create Separate Office of the CISO

A proposed bill to establish the Chief Information Security Officer (CISO) as an organizational peer to the Chief Information Officer (CIO) at the Department of Health and Human Services (HHS) will drive cybersecurity concerns to the top of the list.  If the bill passes, the CISO would have clear separation of duties from the CIO […]

June 13th, 2016 | Blog

What to Know About OCR Pre-Audit Questionnaires

The Office for Civil Rights (OCR) Phase 2 Audits are definitely underway. In the past five days alone, we have had more than a dozen organizations contact us letting us know that they have received a formal pre-audit questionnaire from OCR. OCR designed the pre-audit questionnaire as a way to build its pool of potential […]

June 3rd, 2016 | Blog

Health Care Entities “Not Vigilant” on Cybersecurity, Reports 2016 Ponemon Institute Study

$6.2 billion.

That’s the new estimate of how much data breaches cost the health care industry annually, according to a new study by the Ponemon Institute. What’s more, despite the increased frequency of breaches, the study found that “many organizations lack the money and resources to manage data breaches caused by evolving cyber threats, preventable mistakes, and other dangers.” […]

May 23rd, 2016 | Blog

Move Over Credit Cards — Stolen Medical Records Are Selling for Record Prices on the Dark Web

It’s a sellers’ market for personally identifiable data on the “dark web,” where stolen information is anonymously bought and sold. Like all savvy businesspeople, hackers go where the money is; right now the hottest selling commodity is medical record data—going for as much as $60 per record.[1] […]

May 19th, 2016 | Blog

President Obama’s 2017 Fiscal Budget Proposal Prioritizes HIPAA Audits

President Obama’s administration submitted its budget proposal for fiscal 2017 earlier this year—indicating a clear funding prioritization of HIPAA compliance audits and other health care initiatives. […]

May 12th, 2016 | Blog