The CynergisTek Blog

Read the latest blog posts by CynergisTek’s team of experts related to healthcare security, privacy and compliance. Have a topic that you would like us to cover? Email us to tell us what you are interested in.

Ransomware and Other Cybersecurity Threats: What You Should Know

WannaCry, Petya, NotPetya—recent news reports have been filled with coverage of massive ransomware attacks that swept across the globe, wreaking havoc on public utilities, companies, health systems and government offices. Ransomware is a type of malware that prevents or limits access to a system until a ransom is paid. In the face of these attacks and other emerging cybersecurity threats, what can healthcare organizations do to identify vulnerabilities and protect sensitive patient data?

July 12th, 2017

Security Misunderstanding: We Are NOT Good With People

There is no shortage of professionals and experts talking about security, but if you want to understand security, or even just IT in general, you have to understand human beings. The users and those that administer the systems are all people. If one strives to understand and impact security overall, they must fully understand the human condition.

July 7th, 2017

WannaCry Highlights Deeper Issues That Should Make Us All Want to Cry

In the United States, we got lucky, very lucky, that a malware researcher known only as @MalwareTechBlog on Twitter found the “kill switch” domain in the code of the WannaCry ransomware. Had he not found and purchased this domain, effectively neutering the ransomware, I believe that the incident could have been much worse. It was already quite bad around the world with estimates of over 200,000 systems infected including many healthcare providers in the United Kingdom.

June 22nd, 2017

Things Matter: The Internet of Things (IoT) in Healthcare

Recently, incidents involving the internet of things (IoT) have had no shortage of media coverage. In fact, I would suggest that the IoT has become one of the top buzzwords in IT right now. Large, more mature organizations have started to realize the growing attack surface that IoT is creating for the enterprise they manage, but whether large or small, organizations are feeling the pressure to allow IoT on their networks even though in many cases they are not equipped to deal with it effectively. In healthcare, this is particularly troubling as IoT attacks generally cause some form of disruption which can affect both operations and patient safety.

June 13th, 2017

CynergisTek’s CAPP Program is Affordable Security Solution for CIOs

CynergisTek is committed to creating awareness and providing education to the industry to help the industry move forward. As such, we are proud to support CHIME and help advance the role of the CIO and other senior executives in health IT. Recently, CHIME discussed the value of its Cooperative Member Services Program and how it benefited Brian Sterud, CIO at Faith Regional Health Services.

June 12th, 2017

Why is Risk Management Such a Challenge?

If one lesson is clear from the constant stream of recent settlements announced by the Office for Civil Rights, it is that covered entities are not implementing risk management plans to reduce risks to protected health information (PHI) to an acceptable and appropriate level. The frequency of seeing the same finding is a strong indicator of a more systemic issue – that organizations could use more detailed guidance on how to manage risks.

May 18th, 2017

Shadow IT: The Darkness Looming in the Enterprise

In your midst is a shadowy network of illicit devices poisoning the carefully controlled ecosystem you and your networking operations team have painstakingly built. Years of toiling with management to fund new initiatives, educating users to act securely, managing policies and procedures with careful and diligent precision are at risk of being rendered useless.

May 12th, 2017

OCR Enforcement Actions: Prioritize HIPAA Security & Vendor Management Requirements

Thus far in 2017, the Office for Civil Rights (OCR) has announced that they have negotiated settlements or levied penalties in seven cases that have resulted in covered entities and business associates paying over $14.3 million. In all but one of these cases, organizations have also been saddled with multi-year corrective action plans in which HHS will exercise oversight of their compliance with the HIPAA standards. At this pace, OCR will eclipse its record-setting performance of 2016 in which there were 13 formal enforcement actions that had covered entities and business associates paying $23.5 million in fines and penalties for HIPAA violations.

May 9th, 2017