There have been a slew of healthcare organizations that have experienced data breaches over the past decade. Some of those are mundane: misprinted and mismailed information or a phone call to the incorrect recipient. However, as healthcare organizations become increasingly sophisticated and use more technology more often to support operations, errors or attacks against that […]
The 10 Worst Healthcare Data Breaches of All Time (U.S) Read More »
HITRUST just released its 11th version of HITRUST cybersecurity framework or HITRUST CSF. One of the major changes in version 11 is the removal of the HITRUST bC assessment and its replacement with the new HITRUST e1. Let’s dive into some high-level information about what the HITRUST e1 assessment is, why an organization would pursue
Understanding the New HITRUST e1 Essentials Certification Read More »
A HIPAA Risk Assessment, or a HIPAA Security Risk Assessment more precisely, is a mandatory requirement for Covered Entities and Business Associates in their HIPAA Security Rule compliance journey. HIPAA Security Risk Assessments can be straightforward, but it’s critical to understand what to review, how, and against what frameworks. Let’s dive into what a HIPAA
8 Steps to a Proper HIPAA Risk Assessment Read More »
An ISO 27001 Gap Assessment, also known as an ISO 27001 gap analysis, is performed by the business at the very beginning of its ISO 27001 certification journey. The ISO 27001 gap assessment provides an overview of the organization’s ISMS operational status, as well as provides insight into any corrective action plans (CAPs) that must
Are ISO 27001 Gap Assessments Worth It? Read More »
When the Health Insurance Portability and Accountability Act of 1996 was first drafted, the internet and electronic data were seen by many as a passing fad. In the 27 years since then, not only has the internet become a major force in most peoples’ lives, electronic Protected Health Information, or ePHI, is the primary modality
ePHI for Healthcare: Everything You Need to Know Read More »
The PCI Data Security Standards were recently updated to version 4.0. PCI DSS v4.0 was officially released on March 31st, 2022 and is replacing PCI DSS v3.2.1. This update to the PCI DSS is the first significant update to the security standards since 2018. Some evolving requirements include new or modified requirements added to the
How to Do PCI Security Awareness Training Right After v4.0 Read More »
Whether to start down the path to ISO 27001 certification is a difficult and important decision for any company. In addition to our deep dives on the cost of ISO 27001 and how it compares to SOC 2, we’ve compiled this list of answers to the 19 most common questions we get about the ISO
ISO 27001 Certification: 19 Crucial Questions Answered Read More »
The HITRUST Common Security Framework (CSF) was created by the Health Information Trust Alliance (or HITRUST Alliance) to provide a formal certification process for an information security program. HITRUST certification provides a high degree of confidence in the verified ability of an organization to meet its regulatory compliance needs and ability to implement reasonable safeguards.
HITRUST Certification: 15 Important Questions Answered Read More »
If you’ve reached this page you’re likely wondering: how do I provide independent verification and validation of my organization’s security controls? Both HITRUST certification and a SOC 2 assessment are great ways to accomplish that need. Both accomplish that in completely different ways: In this article, I’ll provide some opinions about why you’d choose one
HITRUST vs SOC 2: Costs vs Benefits Compared Read More »
ISO 27001 certification is an internationally recognized framework that addresses your organization’s ISMS (Information Security Management System) and how seriously your organization takes the security of its data. In deciding to pursue an ISO 27001 certification for your business, one of the first questions that will come up is: How much will this cost? The
Here’s How Much ISO 27001 Certification Costs Read More »
