View Past Editions of our Monthly Newsletter

Newsletter Archive

Want to receive our newsletter, The State of Security, Privacy & Compliance, in your inbox each month? Click here to sign up for our mailing list.


2017

January

  • CynergisTek Acquired by Auxilio
  • Time for Enlightened Leadership on IT Security in 2017
  • A 2017 Forecast for HIPAA Enforcement
  • Infographic: 2017 Healthcare Security Outlook
  • CynergisTek’s HIMSS17 Activities
  • $475,000 HIPAA Penalty for Delayed Breach Notification
  • New Year, Same Challenges
  • OCR Issues Guidance Emphasizing Importance of Audit Controls

2016

December

  • Designating Hybrid Entity Status Under HIPAA in a University Setting
  • A Practical Guide to Healthcare Disaster Recovery Planning
  • Infographic: CHIME and AEHIS Cybersecurity Survey
  • Penetration Testing Methodologies: In the Clear
  • You’ve Been Breached! Now What?
  • What’s on HHS OIG’s Plan for Scrutinizing Security in 2017?
  • UMass HIPAA Settlement is a Clarion Call to Colleges and Universities
  • Compliance Isn’t Enough: Improving Governance, Risk Management, Compliance
  • What Will Tomorrow Bring for IT Security?

November

  • Athenahealth, Allscripts Websites Down Amid Nationwide Hack
  • CynergisTek Rated Above All Vendors in KLAS Security Advisory Services Report
  • Sorting Out HIPAA vs. FTC Act Requirements
  • Infographic: Effective Healthcare Compliance Programs
  • Benefits of Hiring Veterans in the Healthcare Industry
  • When Business Masquerades as Social Conscience
  • Cybersecurity: Are You Really as Prepared as You Think?
  • A Tale of Two Sites: An Internet of Terrible Things
  • IoT Botnet Strain Released, Successor to Massive Malware Attack on DYN

October

  • Pay Now or Pay Later: The Cost of Privacy and Security
  • What’s Needed: More HHS Guidance, or New HIPAA Security Rule?
  • Infographic: 2016 HIMSS Cybersecurity Survey
  • OCR: Business Associate HIPAA Audits Coming Soon
  • HCCA Healthcare Enforcement Compliance Institute
  • Podcast: Healthcare Infosec with the Expert
  • Using a Battering RAM to Hack

September

  • OCR to Expand Compliance Reviews of Small Healthcare Breaches
  • More Breaches Expose Mental Health, Substance Abuse Data
  • Infographic: HIPAA Compliance & Enforcement
  • Pro Tips on Strengthening Cybersecurity
  • When Sam Wasn’t Sam
  • CynergisTek Continues to Expand Executive Team, Adds Vice President of Audit Strategy
  • MouseJack Hack: Wireless Keyboard & Mouse Lets Bad Guys in the House

July

  • Healthcare Security Threats
  • OCR Audits Resume
  • More Penalty Announcements for Non-Compliance
  • Advanced Assessments (Penetration Testing)
  • CynergisTek Adds VP of Security Strategy to Exec Team

June

  • Crysis Ransomware
  • Medical Device Security to Be Scrutinized
  • Effective Penetration Testing
  • Infographic: Insider Threats
  • Going On the Offensive in Healthcare Cybersecurity
  • White Paper: Third-Party Security and Privacy Risks
  • Value of a Virtual Chief Information Officer (vCISO)

May

  • Podcast: Preparing for Round 2 of HIPAA Audits
  • OCR Issues Guidance on Preventing Vendor Breaches
  • Healthcare Disaster Recovery Critical for Providers
  • New Infographics: 2016 Symantec Internet Security Threat Report and Ponemon Healthcare Data Study
  • Proposed Legislation Would Elevate HHS CISO Role
  • Webinar Recording: Protecting Your Healthcare Organization from Emerging Threats
  • What Impact Will MIPS/MACRA Have on Privacy and Security?

April

  • Protecting Your Network from Hackers
  • Is Ransomware Considered A Health Data Breach Under HIPAA?
  • OCR Issues Two HIPAA Enforcement Actions
  • How Do I Protect Myself From Ransomware?
  • Updated OCR Compliance & Audit Services
  • New Infographic: HIPAA Compliance and Enforcement

March

  • OCR Launches Audit Program
  • Increased Malware Attacks Against Healthcare
  • Ransomware Trends Infographic
  • OCR Enforcement Triggered by A Business Associate
  • Key Takeaways From HIMSS16

February 

  • New Ransomware “Locky”
  • 2016 Outlook of Privacy & Security Infographic
  • Medical Device Guidance
  • More Enforcement Activity for Non-Compliance

January

  • New HIPAA Guidance
  • 2015 Privacy & Security Trends Infographic
  • HIPAA Enforcement Outlook for 2016
  • Cybersecurity Outlook for 2016

2015

December

  • Security message to healthcare vendors, privacy and security updates podcast
  • David Holtzman named in Top 50 HIT Experts
  • Benefits of a CISO infographic
  • Two-factor authentication
  • FBI alerts two healthcare organizations of cyberattacks

November

  • Five things to know about OCR audits
  • Elements of an Effective Privacy & Security Program infographic
  • The high cost of security expenses
  • 25% off phishing assessments
  • Mac McMillan elected to AEHIS board
  • California amends breach notification rule

October

  • Cyber threats compel changes to security
  • Latest enforcement is a 15-year prison sentence
  • Building an effective compliance program
  • Educational information to identify a phishing email

September

  • OCR provides updates on enforcement and audit program
  • The rise of the CISO, new FERPA guidance
  • Cutting costs with better data management
  • CynergisTek news and events

Q&A: When reporting a breach to HHS, do you think it is better to give as many details as possible or do you think it’s good to give a general summary?

August

  • Call to action regarding cybersecurity
  • Medical device security
  • HIMSS Cybersecurity Survey infographic
  • OCR enforcement
  • OCR issues HIPAA factsheet
  • A primer on encryption
  • Privacy concerns on Healthcare.gov
  • Mac McMillan named as influential Health IT leader

Q&A: Where can my organization find sample policies and procedures that would fulfill the requirements of the HIPAA Rules?

July

  • Medicare fraud
  • New deputy joins OCR
  • Business associate risk infographic
  • Healthcare data security survey findings
  • Tactics to fight phish
  • CynergisTek leadership team grows

Q&A: What technical controls should I implement to enhance the protection of PHI and how can I find out where this data is in my environment?

June

  • CareFirst breaches 1.1M records
  • Latest infographic on breaches
  • Reducing risks with vendors
  • 21st Century Cures bill could change HIPAA

Q&A: What steps should my organization take to get a head start now that OCR has sent out surveys to covered entities? 

April

  • The latest on breaches, OCR enforcement and OCR audits
  • News from around HIMSS15
  • Experts’ opinions on proposed Meaningful Use changes
  • CynergisTek’s new BA CAPP program

Q&A: CMS has recently published two major rule makings changing the requirements for the Meaningful Use program. One of these proposed rules seeks to make changes for the 2015 reporting year. What decisions should I make now concerning our attesting to MU this year?

March

  • Mega breaches in the healthcare industry (Anthem and Premera Blue Cross)
  • A look at the HIPAA Security Rule
  • CMS proposes Meaningful Use Stage 3 Rule
  • HIMSS 2015
  • Downloadable phishing infographic

Q&A: A health plan that provides benefits to our employees just suffered a mega breach. What are our responsibilities under the HIPAA Breach Notification Rule?

February

  • Anthem breach
  • OCR updates its breach reporting portal
  • Hackers targeting the healthcare industry
  • HIPAA enforcement actions
  • M&A security risks
  • Encryption
  • Evolving role of the healthcare CISO

Q&A: There has been a lot of talk that CMS is going to change the Meaningful Use reporting requirements for 2015. What should we do about our plans to attest for MU in 2015?

January

  • HIPAA Enforcement Outlook for 2015
  • Obama Addresses Cyber Security
  • Tips to Enhance HIPAA Compliance
  • More State Laws, Top 10 Tech Trends
  • CynergisTek is Supporting Several CHIME Events in 2015

Q&A: How do I report a breach to HHS?

2014

November

  • OCR Emergency Situation HIPAA Guidance
  • Preparing for MU Audits
  • Hiring Vets for Hospital IT
  • Preparing for a HIPAA Audit

Q&A: The recently released HHS OIG Workplan for 2015 identified a project in which some HIPAA covered entities and business associates will be reviewed for their compliance with the Security Rule Contingency Planning Standard. What steps can organizations take to prepare for the possibility of an OIG audit?

October

  • NIST/OCR Conference Takeaways
  • MU Hardship Extension
  • CHIME LEAD Forum Presentation
  • Mobile Health Apps & Wearables
  • Preparing for MU Audits

Q&A: My EHR is hosted (or donated) by another facility. What should I expect if audited under Meaningful Use with respect to a risk assessment?

September

  • Moving Offices
  • New CHIME Association
  • CHS Breach
  • OCR Audit Delay
  • Inc. 5000

Q&A: What should we do about our vendors that say they are not considered a BA and won’t sign a revised BA agreement before the September 23rd deadline?

July

  • New OCR Director
  • BYOD Tips
  • Online Risk Analysis Risks
  • HHS Changes
  • Security Risk Assessment Debate

Q&A: Are Medicaid transportation brokers considered a Business Associate?

May

  • Prepping for OCR Audits
  • CISO’s Biggest Fear
  • Phishing
  • Heartbleed Bug
  • Vendor Management

Q&A: The Omnibus Rule gives patients the right to request a restriction related to procedures if they pay in advance with cash. Is the Covered Entity responsible for respecting this restriction during subsequent interactions with the patient where the health plan may be involved?

March

  • OCR Resuming Audits
  • CISO’s Biggest Fear
  • Phishing
  • Heartbleed Bug

Q&A: The Omnibus Rule gives patients the right to request a restriction related to procedures if they pay in advance with cash. Is the covered entity responsible for respecting this restriction during subsequent interactions with the patient where the health plan may be involved?

January

  • Securing PHI as a Business Asset
  • 2013 Technology Trends
  • Private Cloud

Q&A: Would displaying the notice of privacy practices (NPP) on an electronic screen fulfill the NPP regulation? Could other documents be displayed with it?

2013

November

  • David Holtzman Joins CynergisTek
  • Omnibus Rule Guidance
  • Compliance Needs a Strategic Plan
  • Featured Stories

Q&A: Can you explain the security and the accountability factor that covered entities (CEs) must have with their business associates (BAs) now that the Omnibus Rule can be enforced?