Blog

Anthem Breach Learnings: HITRUST Certification Is Not A Replacement for An Enterprise Security Risk Analysis

The recent $16 million HIPAA settlement with Anthem, Inc., in the wake of the 2015 breach of nearly 79 million records, has been well publicized. In this case, the Office for Civil Rights (OCR) found that Anthem failed to take several basic security steps, including conducting a sufficient enterprise-wide security risk assessment. A recent […]

Key Takeaways From the Safeguarding HIPAA Summit – Part 1

The annual Safeguarding Health Information: Building Assurance through HIPAA Security, hosted by the HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST), took place last week in DC. In this post I will discuss key takeaways: Risk analysis continues to be a main focus of OCR enforcement; OCR expects larger covered entities […]

Medical Device Security and CIO Insomnia

During a conversation over drinks with a number of CIOs at a recent healthcare conference, I discovered that the number one concern that keeps most healthcare executives up at night is the security of their medical devices. That was somewhat unexpected, especially following press-grabbing headlines last year about ‘WannaCry’ and other ransomware attacks rendering a […]

Panaceas, Shiny Objects and the Importance of Managing Risk in a Healthcare Environment–Part 3

Is there a more challenging position anywhere in information security than that of a healthcare organization’s cyber risk management leader? If there is, I can’t think of what it would be. Whether your title is CISO, CSO, CTO, CIO or some variation thereof, the task is daunting. As we mentioned in Part 1 of this series, […]

Strengthening Your Cybersecurity Ecosystem — One Step at a Time

Every day, it seems, cyber criminals figure out new ways to attack hospitals and compromise patient data and safety. As the number and intensity of cyber attacks on healthcare organizations increase, the task of establishing an effective cybersecurity program can seem overwhelming. The good news is that no matter where an organization is in developing […]

Panaceas, Shiny Objects and the Importance of Managing Risk in a Healthcare Environment – Part 2

Healthcare CIOs, CISOs, and other information risk management leaders face daunting challenges when it comes to deciding where to apply their limited resources to make the biggest difference in their organization’s cyber risk posture. As I mentioned in my previous post, healthcare security leaders can be tempted by shiny new objects – i.e., new security […]

Panaceas, Shiny Objects and the Importance of Managing Risk in a Healthcare Environment–Part 1

You’re the CISO of a healthcare organization and you just sat through an amazing sales presentation by one of your security vendors. You are considering cutting a PO to purchase that new security tool. You’ve been thinking for some time about purchasing tools to close security gaps that you’re aware of and this particular tool […]

HIPAA Risk Analysis

HIPAA Risk Analysis Tip – Part 5 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez

This entry is part 58 of 13 in the series HIPAA Security Risk Analysis Tips

We received almost 100 questions in our May 3rd web event entitled “WHAT OCR EXPECTS IN YOUR HIPAA RISK ANALYSIS: A Conversation with Former OCR Director, Leon Rodriguez”. We are breaking up the questions and […]
