HHS Issues Ransomware Guidance

HHS recently issued ransomware guidance clarifying that a ransomware attack involving ePHI (electronic Protected Health Information) is a HIPAA breach unless the Covered Entity or Business Associate can demonstrate that there is a low probability that the PHI has been compromised. Ransomware is a […]


OCR Crosswalk Between NIST Cybersecurity Framework and the HIPAA Security Rule

Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, was issued by President Obama in 2013 and called for the development of a voluntary risk-based cybersecurity framework (CSF) that is “prioritized, flexible, repeatable, performance-based, and cost-effective.” In response, the National Institute of Standards […]


Vulnerability Assessment vs. Penetration Testing—Which One is Right for You?

Many organizations conduct vulnerability assessments, while fewer conduct regular third-party penetration tests. Both are critical components of a Vulnerability and Threat Management program. Vulnerability assessments identify security vulnerabilities in an environment, such as applications, networks, etc. Testing should produce a prioritized list […]


Business Associate – What Are Your Obligations?

If your company creates, receives, maintains or transmits Personal Health Information (PHI) on behalf of a Covered Entity and is not a member of the Workforce of the Covered Entity, or is a company that provides accounting, legal, processing or administration, data analysis […]
