The GDPR deadline is here – are you ready?

If you are not yet GDPR-ready, you're not alone. Many companies are still scrambling to meet the requirements. Some U.S.-based companies didn't realize the law would apply to them. Others did not realize the full extent of the law - or of their own data collection!  Don't worry - whether starting from scratch or needing to document your current GDPR status, Third Rock's CyberCompass™ streamlines the assessment process and automates the report generation, making it possible for Third Rock to give you ...

Key Themes at Texas Health Care Security & Technology Conference

Last month Robert Felps and I were fortunate to attend THA’s inaugural Texas Health Care Security & Technology Conference. Great speakers, wonderful host and facility, collegial atmosphere – a great learning experience overall. Hats off to Fernando Martinez, THA's Chief Digital Officer, and his team for a great couple of days. Here's a brief recap of the key takeaways. REALITY Cyber threats are dynamic. Bill Virtue reminded us that there have been more than 4000 ransomware attacks per da ...

Is Your Security Risk Assessment (SRA) Valid?

We're often told, "I've done a security risk assessment," or "We had one of those done by a company." When we ask whether they have 1) an SRA report, 2) a risk management plan with prioritized corrective actions, 3) a disaster recovery plan, 4) an emergency response plan, 5) a breach notification plan, 6) training that is current and in use, and 7) current policies and procedures, we get blank stares. We've also performed SRAs after some of the large, "known" compliance consulting firms have performed an SRA.  What ...

Are you Cyber Confident?

In our conversations with healthcare practice managers and CIOs - whether at small-to-medium practices, dental offices, outpatient facilities, or hospitals - we've found that few leaders feel confident in their organization's ability to protect against and respond to cyber threats. Managers of smaller organizations have told us "It's like a monster out there just waiting to get us, and there's nothing we can do about it." Even CIOs at larger organizations who feel confident about having the right technol ...

Overcoming Organizational Roadblocks to Cyber Security 

In many organizations, cyber security is perceived as one of those “important-but-not-urgent” issues that keep getting put off in deference to the pressing issues of the day – insurance denials, staffing, readmissions, patient no-shows, supply shortages…the list goes on.  It’s not that organizational leaders are doing nothing. In most organizations, the basic pieces, such as a HIPAA-compliant EHR, firewall, anti-virus software, and staff training, are all in place. It is these very safeguards ...

Cyber Hygiene: Are your systems hardened?

Third Rock performs Risk Assessments (Security Risk Analysis) for very small firms to large organizations in healthcare, technical, financial, insurance, oil and gas, and other industries. We know the focus of the assessment needs to be security; therefore, we run an industry-standard, NIST-based scan that checks computers for vulnerabilities and many variants of compliance. (NIST stands for National Institute of Standards and Technology.) Our findings show that the average covered entity is about 15% co ...

Cybersecurity and The Endless List of Compliance

I recently wrote about insurance companies raising the bar on business to protect their valuable data to acquire cyber liability insurance.  But, it's not just insurance companies that are raising the bar. Governments around the globe are now requiring all types of companies to be compliant with some type of standard to better protect the data they possess.  What many people don't realize is these standards are all based on the protection of personal/private/confidential/sensitive/valuable informatio ...

Internet of Medical Things:  Real Security Threat or Hype?

For decades, healthcare medical devices functioned as freestanding tools. Glucometers, lasers, infusion pumps, pressure monitors, neonatal incubators, heart monitors – each serving its unique function independently of the others. With the widespread implementation of electronic health records (EHRs), however, and the push for increased digitization of health information, these devices have increasingly been networked into the patient information ecosystem.  They now transmit PHI between a myriad of syste ...

MACRA Deadline Approaching – Schedule your SRA today!

In an effort to help medical practices maximize their Medicare reimbursements by meeting MACRA requirements, Third Rock is offering a 20% discount for our Security Risk Assessment package if you schedule your SRA with Third Rock by December 8th. Our tool, CompassDB, makes doing an SRA fast and easy. Our package offer includes: ✓ Security Risk Assessment and detailed report ✓ A Security Risk Management consultant available onsite or online ...

Third Rock Recognized at Austin Recovery’s 50th Anniversary Event

Round Rock, TX, July 25, 2017 – On May 5th, Austin Recovery celebrated its 50th Anniversary with a luncheon gala at the Shalom Austin Jewish Community Center in Austin, TX. At the event, they recognized Third Rock, Incorporated and its partner Nivola Healthcare Solutions for their work and donations supporting the organization’s HIPAA compliance activities and related information security practices. Austin Recovery requested Third R ...
