Verify Your HIPAA Compliance and Test Your OCR Audit Readiness CynergisTek offers an OCR Mock Audit service designed to verify healthcare organizations’ compliance with HIPAA Privacy, Security and Breach Notification Rules, and test
The Office for Civil Rights (OCR) sent a notice that warns of a phishing email scam. The email is for an audit notification and appears to be legitimate at first glance, as it is on an HHS letterhead and includes Director Samuels' signature. Please read OCR's notice below to learn what to watch for if you receive this type of email.
The University of Massachusetts at Amherst (UMass) agreed to a settlement with the Office for Civil Rights (OCR) over allegations that it had violated the HIPAA Privacy and Security Rules after a 2013 incident that resulted in the unauthorized disclosure of patient information of 1,670 individuals. The settlement includes a $650,000 penalty and a two-year corrective action plan.
There are many important aspects to consider in any given penetration test. I have talked at length in other blog posts about many of these considerations. There is one important aspect I have not written much about. It is critically important to determine the amount of foreknowledge that the tester should get. This aspect has a plethora of names but is almost always referred to with the “box” descriptor. In college, I was taught white box, gray box, and black box as the three levels of disclosure related to a penetration test. Many, including CynergisTek, use the term “crystal” in place of “white”. Really, the names are just descriptors – the concept remains the same and that is what’s most crucial.
Our company has many ties to the military and veterans. CynergisTek’s co-founder and CEO Mac McMillan, himself a 21 year veteran of the Marine Corps and former Director of Defense for two Defense Agencies, recently
Based on recent news and the headline of this article, you are likely expecting this will be a discussion of the irresponsible actions of the MedSec and Muddy Waters organizations that outed St. Jude Medical
Background Around 8:00 p.m. on September 20th hackers who were upset about being outed by Brian Krebs, a well-known security and IT journalist, attacked his website with what was then
Most corporate systems, whether end-user systems or core servers, are guarded by various malicious software protections. These usually present in the form of anti-virus (AV), data-loss protection (DLP), and host-based intrusion detection (HIDS). These protections
Recently, in performing my daily due diligence to keep up with the latest news and changes in information security, one article in particular caught my attention. Its topic of SSL encryption, and the related research,
For many things in health care, if you don’t spend the energy and resources to reduce risks now you will likely pay for it later. However, if you wait until later it will cost more