New Cybersecurity Agency and Office?

There have been several announcements about cybersecurity agencies and offices lately. Some announcements are from the Department of Homeland Security (DHS) and some are from Health and Human Services (HHS). What are they talking about and what does it mean to you?...

2018 Predictions – How Did We Do?

It is hard to believe we are coming to the end of another year. Seems like just yesterday we recorded our 7 Educated Guesses About 2018. Today we review our 2018 predictions, ummmm, educated guesses for 2018 and see how we did...

Listener Message Potpourri

Listener message potpourri means we will be hitting several different topics in this episode. We get emails and messages from listeners a lot these days. While we do our best to respond, we can't say we are consistent. That is why we do these episodes...

Certification Is Not What You Think

In the recent NIST OCR security conference, a panel member said the terms "HIPAA compliant" and "HIPAA certified" made her cringe. We agree. The Anthem settlement has a lot of people asking about certifications for cybersecurity since Anthem was technically HITRUST...

Anthem Settlement Lessons

The 2015 Anthem data breach could have been a watershed moment for HIPAA privacy and security in many ways. It remains to be seen if the settlement with OCR turns out to be another one. Either way, the historic breach and historic settlement have many lessons for us...

5 Horror movie quotes for HIPAA stories

Time for the annual Halloween episode! 5 horror movie quotes are this year's theme. We have 5 horror movie quotes that are matched up to HIPAA data breach stories...

We are #CyberAware

We are #CyberAware is the tag for the National Cybersecurity Awareness Month campaign. Each year this campaign is run by the National Cybersecurity Alliance. In 2018, Kardon, Security First IT, and HMWH are all signed up to be champions and publish information for...

6 Takeaways From The Filming Settlements

What should we learn from the recent OCR filming settlements? This time it was three settlements in one that related to a fourth. There is more here than the headline-grabbing dollar amounts. These settlements are the best specific guidance you can get from OCR...

3 Stories Techs Should Hear

Understanding all of the technical workings of networks and computers is one thing. Often tech folks will say that they understand HIPAA, but what that really means is they understand the technical requirements of HIPAA. The overconfidence sometimes works against...

CIS 20 and HIPAA

CIS 20 (also called SANS 20) is the name used to reference a list of security controls that are intended to be used in the absence of any framework like NIST or HIPAA requirements. If you are trying to get the most bang for your buck and you know you are way behind on your security...

How Much Does Trust Matter In Healthcare?

Trust for businesses, especially healthcare, could be the difference maker between success and failure. Have you seen the report about consumer online digital trust and what it means to all businesses? The report, The Global State of Online Digital Trust, A Frost...

Snooping Is A Serious Problem

I can tell you from experience that snooping is a serious problem that haunts all entities with health information to protect. Even if you don't know it is haunting you, it is. You will learn to fear it eventually. The extent of improper record access (which we will...

Securing Home Networks

Securing home networks matters more now than ever before. We are a very connected society. That creates great opportunities and new challenges every day, especially for those tasked with securing all that connectivity. One opportunity that gets a lot of people...

Crisis Communications Plans

We live in a world of instant communications. During a crisis, our normal standards of communications can be very limited. How many different issues have you addressed for communications in a crisis in your plans? We mention the business continuity and disaster...

Cybersecurity Naughty List 2017

As 2017 comes to a close, we are making our lists and checking them twice. Time to find out who we thought was more naughty than nice this year. This cybersecurity naughty list discussion includes everything from big news data breaches such as Equifax and Uber down...

Five Phishing Findings From Google

A new report on phishing was recently released, titled: Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials. The report presents findings from a study that was done by Google, the University of California, Berkeley, and the International Computer...

SOC2 certification is not HIPAA compliance

Recently, we have dealt with our clients struggling with vendors in the vetting process, particularly tech vendors of any sort. There is a belief that SOC2 covers them for HIPAA. Many vendors have written off the HIPAA compliance requirements by simply saying "We...

5 Things To Do Before Year’s End

It is hard to believe another year is coming to an end. It is time to review 2017 and plan for 2018. That means it is time to make your list of 5 Things To Do Before Year's End. Just in case you need some help with that list, we made one for you!