The CynergisTek Blog

Read the latest blog posts by CynergisTek’s team of experts related to healthcare security, privacy and compliance. Have a topic that you would like us to cover? Email us to tell us what you are interested in.

What Can Be Done About Drug Diversion?

A Growing Problem for Healthcare Organizations The opioid crisis and drug addiction are not just among criminals. The issue is growing among all segments of the population including healthcare workers. This is a multi-faceted

By |February 22nd, 2018|

2017 Workshop Recap

2017 was an active year for healthcare IT professionals. 78% of healthcare providers experienced a ransomware or malware attack, and many of these attacks reinforced the fact that an attack can send an organization

By |January 19th, 2018|

HIPAA Enforcement: 2017 Year in Review

2017 will go down as a change year for Health Insurance Portability and Accountability Act (HIPAA) enforcement of the Privacy, Security, and Breach Notification Rules. This comes on the heels of 2016, which saw an unprecedented level of enforcement actions, with 13 total settlements and nearly a 300% increase in total collected fines over 2015. In 2017, nine compliance reviews were settled with resolution agreements in addition to a HIPAA enforcement action in which a civil monetary penalty was levied. A total of $19.4 million in fines and penalties were collected in 2017 by OCR through its enforcement actions.

By |January 5th, 2018|

Guide to Proactive Access Monitoring and Auditing Under the HIPAA Security Rule

Monitoring and auditing of access to protected health information by many organizations is prompted by patient complaints or some other event triggering the need to conduct an investigation. This is reactive or for-cause access monitoring and auditing which is necessary but organizations should also be doing proactive, not-for-cause auditing and monitoring. Under HIPAA Security Rule, covered entities and business associates have an obligation to have policies and procedures in place to prevent, detect, contain and correct security violations. 45 CFR 164.308(a)(1)(i).

By |December 6th, 2017|

What is the NH-ISAC 90-Day DMARC Challenge?

Healthcare organizations are more vulnerable to phishing attacks as the average maturity of security controls and training is less than that of other industries, such as banking. Successful phishing attacks rely heavily on emails with either spoofed or similar-looking domain names. Emails originating outside of an organization’s domain but with similar domains can be flagged as an external email to alert the end-user. Unfortunately, emails with spoofed domains require technical controls to identify and divert to a spam folder.

By |December 4th, 2017|