For over a decade, the HIPAA Security Rule has required covered entities and business associates to engage in risk analysis and management. But due to the recent surges in data breaches within the healthcare sector, it's time to embrace an information asset-based approach to risk analysis.
Healthcare organizations invest billions of dollars in security solutions to safeguard sensitive patient data—but are those solutions working as intended?
A 2020 report by Cybersecurity Ventures predicted that the healthcare industry will spend $125 billion cumulatively on cybersecurity from 2020 to 2025, growing...
"Stop waiting; start preparing." This is the message from Robert Teague and Thomas Graham of Redspin, a division of Clearwater, regarding the U.S. Department of Defense's Cybersecurity Maturity Model Certification. CMMC is coming, they say, and now is the time to get ready.
It’s not uncommon for hospitals and health systems to have questions about what they need to do when it comes to technical testing to be in compliance with the HIPAA Security Rule. Unfortunately, there is no one-size-fits-all answer for every organization, and there's much more to technical testing than checking a...
Artificial intelligence offers huge opportunities to improve healthcare. Yet with that opportunity comes significant cybersecurity risks.
Healthcare leaders must be equipped to navigate an increasingly complex AI landscape, manage risks and unlock the full benefits of AI to deliver enhanced patient care. During...
The threat landscape has evolved significantly in the past year or so - particularly for small to midsize healthcare entities. Steve Akers of Clearwater says these organizations are particularly vulnerable because their first-line cyber defenders are their highest risk variable.
If you've ever confused the three assessments required under the HIPAA security rule or interchanged one to meet multiple requirements—you're not alone. But knowing the differences is critical because, at best, confusing them is risky and non-compliant, but worse, it leaves gaps in your cybersecurity strategy that...
Struggling to Balance Security and Compliance in Healthcare? See How One Company Succeeded
As an IT leader at a mid-sized healthcare organization, you face immense pressure:
Meet HIPAA, PCI DSS, and other strict compliance regulations
Detect and respond to constant cyber threats
Modernize infrastructure and...
As a fast-growing company with a startup mentality, a mid-sized healthcare company needed a detection and response security solution that acted like an extension of their current team. But they were frustrated by the decline in their existing cyber security reliability.
“Honestly, it was just frustrating. A lot...
As healthcare organizations introduce new technology into their environments, questions often arise as to how and where to allocate resources in order to best reduce cyber risk. This report—a collaboration between KLAS and the American Hospital Association (AHA)—is intended to provide high-level insights into the...
Healthcare Delivery Organizations (HDOs) have valuable health information and need to continuously ensure that technology and information are available to provide essential patient care. Ransomware attackers are sophisticated and opportunistic, understanding that HDOs are lucrative targets because of organizational...
Ransomware attacks on healthcare organizations can be a life-or-death situation. The onset of COVID-19 introduced new risk factors to HDOs, including remote work, new systems to support it, staffing challenges, and elevated patient care requirements. There’s been a great deal of media coverage on the rise of...
It used to be a stray printer on a network, but today shadow IT comes in all shapes and sizes - and poses serious security threats. Jeff Keating and Jaineesh Davda of FormAssembly discuss how to manage shadow IT and protect your critical data.
Resilience, not just compliance, is becoming healthcare's primary goal in managing cyber risk. Moving to a more resilient state requires continuous cyber risk management, which requires knowing how an adversary thinks and attacks to ensure that the appropriate safeguards are in place.
Understanding how your digital health vendors approach cybersecurity, assess and respond to risk, and plan for incident response is critical to protecting your organization. Here is a set of steps to determine if your vendor is serious about their role in protecting patients.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.
