There is no denying that 2016 was the year of determining how to respond to healthcare privacy and security threats. Top headlines included everything from ransomware disrupting hospitals’ ability to care for patients, to negligent insiders’ actions compromising patient information, to business associates not securing their customers’ sensitive data. Throughout the year, CynergisTek’s subject matter experts wrote several blog posts to address the latest headlines, incidents, threats and regulatory actions in healthcare. Below are some of our top blog posts and the most popular infographic we published.
Verify Your HIPAA Compliance and Test Your OCR Audit Readiness
CynergisTek offers an OCR Mock Audit service designed to verify healthcare organizations’ compliance with the HIPAA Privacy, Security and Breach Notification Rules, and to test audit readiness. The service is engineered to simulate the actual experience of a random audit conducted by the Office for Civil Rights (OCR), and is administered with the same strict approach and document requests as OCR to ensure audit readiness.
The Office for Civil Rights (OCR) sent a notice that warns of a phishing email scam. The email is for an audit notification and appears to be legitimate at first glance, as it is on an HHS letterhead and includes Director Samuels' signature. Please read OCR's notice below to learn what to watch for if you receive this type of email.
Clyde Hewitt Brings More than 30 Years of Operational and Executive Leadership Experience to Healthcare IT Security Firm
Austin, Texas, August 2, 2016 — CynergisTek today announced that it has expanded its executive team with the addition of Clyde Hewitt as Vice President of Security Strategy. Hewitt brings more than 30 years of relevant experience to his new role. He will provide strategic direction for the company’s information and cybersecurity services and take an active role in new business development. Hewitt will also serve as senior security advisor to the company’s growing roster of healthcare clients.
Recently introduced legislation aims to establish the office of the CISO within HHS independent from the CIO. This move mirrors a trend seen in private-sector organizations and would allow the CISO to be a peer of the CIO, rather than a subordinate. According to Mac McMillan, CEO of CynergisTek and former director of security at the Department of Defense, this type of structure is common in the federal government. In a recent interview with InfoRiskToday, McMillan said, “I support this proposal. I think it’s a great idea. In some other parts of the government, including the DoD, the CISO or director of security is on par with the CIO and has an equal voice.”
CynergisTek participated in HIMSS16 this year as both an exhibitor and as a speaker for two educational sessions. Thank you to everyone that came to our booth and sorry to those that we missed.
CynergisTek Extends Virtual CISO Service to Business Associates; Adds GetWellNetwork to Growing Client Portfolio
Healthcare Data Privacy and Security Firm Meets Demand for HIPAA Expertise and Audit Support by Business Associates
Austin, Texas, November 17, 2015 — CynergisTek™, an authority in health information security, privacy, and compliance, today announced that it has extended its Virtual Chief Information Security Officer (vCISO) Service to serve business associates (BAs) of healthcare provider organizations, as well as covered entities. The service integrates CynergisTek’s experienced security professionals into an organization’s existing information security program to ensure effective management and regulatory compliance. Additionally, the company announced that GetWellNetwork, the leader in Interactive Patient Care™ (IPC) solutions, is the first BA to employ its vCISO service for expert support and advisement on maturing and managing its information security program.
CynergisTek CEO to Participate in Two HIMSS Privacy & Security Forum Sessions
Date: December 2 | Location: Boston | Presenter: Mac McMillan
As a part of CynergisTek’s commitment to providing education and information to the healthcare IT industry, we are proud to announce that our CEO Mac McMillan will support two sessions at the HIMSS Privacy & Security Forum Boston next month. In the first session, McMillan will be leading a panel of experts that includes Cris Ewell, CISO of Seattle Children’s Hospital; James Noga, CIO of Partners HealthCare; John Houston, VP, Privacy and Information Security & Associate Counsel of UPMC; and Anahi Santiago, CISO of Christiana Care Health System. This leadership panel, “What Keeps You Up at Night?”, will discuss some of the biggest challenges that information security programs face and provide guidance on how to address these challenges. Some of the challenges include the internet of things, zero-day threats, incomplete data log information, contract employees with access to PHI and insufficient policies and procedures for securing medical devices. Attendees will also have the opportunity to ask their toughest questions and talk about their biggest challenges with this panel of experts.
Limited Time Offer: Choose Your Phishing Assessment Campaign
Did you know that phishing is one of the most common cyber attacks in the industry? We’ve seen phishing be the cause of several recent breaches, including the mega breach Anthem had earlier this year. The first step to fighting the phishing threat is creating awareness and knowing what to look for in suspicious emails. To help the industry fight back, CynergisTek has a limited time offer* available on four select phishing assessment campaigns. Choose the offer that best fits your organization’s needs and receive 25% off the standard price.* All four programs span one year and can test up to 2,500 email addresses each time. Protect your security program by empowering employees with the knowledge they need to avoid becoming a victim of a well-crafted phishing attack. But don’t wait to select your campaign. Offer ends soon and is subject to availability.
AHS Expands Partnership with CynergisTek with Phishing Assessment
Austin, Texas, October 6, 2015 — CynergisTek™, an authority in health information privacy, security and compliance, today announced that Atlantic Health System, one of the largest non-profit health care organizations in New Jersey, has expanded its security services engagement with the company. The system recently completed CynergisTek’s Phishing Assessment program to evaluate its overall susceptibility to phishing attacks using realistic scenarios and comprehensive perimeter evaluations that identify areas of vulnerability. Findings from the exercise provided the organization with a baseline understanding of its workforce’s ability to identify suspicious emails and valuable insight into how far in the phishing net they swam.