Shortage of Qualified Cybersecurity Workers: “…the greatest cyber risk of all.”

The 2017 Global Information Security Workforce Study (GISWS) released in February 2017 forecast a shortage of 1.8 million cybersecurity workers by 2020, while a study by Cybersecurity Ventures estimates “3.5 million unfilled cybersecurity jobs” by 2021. While the projected magnitude of the shortfall varies from one study to the next, government experts, consultants, and pundits alike are unanimous in predicting that the current shortage of qualified cybersecurity workers will only get worse for the ...

Cyber Liability Insurance Becoming More Difficult to Purchase

Hopefully, you've realized one of your pieces of defense in the cybersecurity war is Cyber Liability Insurance or Data Breach Insurance, sometimes called Cyber Insurance.  What you may not know is that cyber liability insurance is getting more difficult to obtain.  Several insurance companies we've spoken with have reported that in 2017, cyber liability claims outpaced other claim types, including medical liability claims!  In very simple terms, this means that cyber liability insurance is costing th ...

MACRA 2017 deadlines are coming. Do you have a Security Risk Assessment scheduled before December 31st?

Right now the healthcare industry is in the final race to complete the requirements for MACRA, the new reimbursement scheme for Medicare. Thousands of dollars are at risk – failing to satisfy the MACRA requirements in 2017 will result in payment reductions for all of 2019! Submerged within the 2,398 pages of MACRA lies a key requirement for eligibility - completing a security risk assessment (SRA). The SRA is a “core requirement.”  Without an SRA, a healthcare practice can undo all their other eff ...

HIPAA Compliance is a Business Decision

A couple of weeks ago, I was talking with a technology vendor who is starting to move into the healthcare space. Their technology isn’t used in the creation or manipulation of patients’ protected health information (PHI), but they do store information on behalf of healthcare organizations that could potentially include PHI. They wanted to know, “Are we required to comply with HIPAA?” Technically – yes. On the other hand, there are hundreds of healthcare organizations and healthcare vendors who act ...

Could this breach have been prevented? – A new series

Could this breach have been prevented? – A new series One of the first lessons of process improvement is that preventing errors is much less expensive and time-consuming than remedying the damage after the fact. The same is true for an information breach. The time and cost for installing new software, training staff members, and reinforcing policies and procedures pales in comparison to cleaning up the damage of an information privacy or security breach. Recent headlines of multi-million-dollar ...

Flooding: Are You Prepared?

Here in Texas, the Gulf Coast is about to take a direct hit from a hurricane that is expected to dump up to 30 inches of rain in some locations and up to 10 inches across large areas. That kind of rain will definitely cause serious flooding.  It's a little late for the Texas coastal bend area and the large inland areas that will be hit the hardest to take planning steps for disaster recovery. They're in emergency evacuation mode already, protecting life and reducing property damage. What we can learn from ...

Incidental Exposures – What are they and what is their impact?

A number of customers contacted me recently concerning possible breaches and what they should do.  After reviewing their situations, these were actually incidental exposures.  What is an incidental exposure? It is a secondary use or disclosure that cannot reasonably be prevented, is limited in nature, and that occurs as a result of another use or disclosure that is permitted by the Rule.  Typical examples of such in the healthcare setting include conversations between patients and doctors where comp ...

Cybersecurity: It’s a healthcare risk issue

Wannacry may be the best thing that has happened to the healthcare industry in a long time. It brought to light just how terrible a job the industry does in protecting patients from identity theft.  That's what it means to lose a patient's protected health information or PHI. PHI is now a currency on the black market.  It is worth over a 100 times the value of a credit card record.  If you're a covered entity (healthcare plan, healthcare clearing house, or healthcare provider) or a business associate ...

Third Rock Recognized at Austin Recovery’s 50th Anniversary Event

Third Rock Recognized at Austin Recovery's 50th Anniversary Event Round Rock, TX, July 25, 2017 – On May 5th, Austin Recovery celebrated its 50th Anniversary with a luncheon gala at the Shalom Austin Jewish Community Center in Austin, TX. At the event, they recognized Third Rock, Incorporated and its partner Nivola Healthcare Solutions for their work and donations supporting the organization’s HIPAA compliance activities and related information security practices. Austin Recovery requested Third R ...

Missing the HIPAA Target – Part 5 and Last of the Series

In this series I have tried to capture key steps to enable successful implementation of critical HIPAA elements.   Right or wrong, HIPAA has become the recipe for cybersecurity for healthcare.  But because of the legacy of HIPAA, the majority of providers do not take it seriously.  If you are not taking cybersecurity seriously, you are heading for a train wreck! This series has emphasized: Being risk management proficient rather than being a "HIPAA Expert". Being accountable, which means ...

1 2