NIST Makes Passwords a Little Bit Easier

After much research, the National Institute of Standards and Technology (NIST) has determined that we have been doing passwords all wrong! Traditionally, best practice for password use has been a minimum of 6 characters composed of a combination of letters, numbers and symbols, which had to be rotated periodically. To make things more complex, companies typically added rules about how frequently a password could be reused - or prohibited reuse completely. What NIST's research showed is that all th ...

Is Your Security Risk Assessment (SRA) Valid?

We're often told, "I've done a security risk assessment," or "We had one of those done by a company."  When we ask if they have 1) an SRA report, 2) a risk management plan with prioritized corrective actions, 3) a disaster recovery plan, 4) an emergency response plan, 5) a breach notification plan, 6) current training and in use, 7) current policies and procedures; we get blank stares.  We've also performed SRAs after some of the large, "known" compliance consulting firms have performed an SRA.  What ...

The Right Cyber-Talk

I recently taught a cyber security class to a large medical practice.  The goals were to better protect the organization from cyber-attacks and to improve their HIPAA compliance.  This medical practice is a well-run and well-managed business that invests in its employees and is clearly one of the most security conscious practices I have worked with.  The hour-long course covered the cyber security basics including password management, safe Internet practices, phishing, malvertising, and incident resp ...

Are you Cyber Confident?

In our conversations with healthcare practice managers and CIOs - whether at small-to-medium practices, dental offices, outpatient facilities, or hospitals - we've found that few leaders feel confident in their organization's ability to protect against and respond to cyber threats. Managers of smaller organizations have told us "It's like a monster out there just waiting to get us, and there's nothing we can do about it."  Even CIOs at larger organizations who feel confident about having the right technolo ...

HIMSS 2018 – Take Aways

I attended the national HIMSS 2018 conference in Las Vegas a few weeks ago.  43,000+ roaming loose in Vegas, primarily in a few hotels and the Sands Expo Center.  It was mayhem.  I attended the Cyber Security Symposium all day Monday.  Six sessions focused on cyber security and best practices.  I then attended the keynote speech by Eric Schmidt, the CEO of Alphabet, the parent company of Google. Tuesday was primarily more sessions and a few minutes out in the expo "acres" wandering around trying to ...

Third Rock Enhances SECURETexas Capabilities

Customized to over 20 types of healthcare specialties for better protection of patient information against cyber threats. Austin, TX – March 21, 2018 – Third Rock, a preferred vendor for Texas Health Services Authority (THSA), has further simplified the SECURETexas certification process by offering a unique customized security risk assessment approach based on an organization’s practice area. Third Rock has customized its web-based security ris ...

Third Rock Team Presenting at ISSA Austin

Boost your Cyber Confidence! Get some tips and inspiration when Third Rock’s Julie Rennecker, Robert Felps, and Mike Moran present Healthcare: Transforming an Industry from Cyber Victim to Cyber Confident at the ISSA Austin Chapter meeting tomorrow, March 20. For more information and to register go to: https://www.eventbrite.com/e/austin-issa-march-2018-chapter-meeting-registration-43524591224   ...

An alternative approach to the cyber security talent shortage

Our CEO would contend there is an alternative approach to the cyber security talent shortage. Most breaches occur because computer systems are easy to breach and people make mistakes. Compare the number of breaches based on operating systems. Linux and UNIX variants are more difficult to breach than Windows, especially if you keep them patched. Which means we need to focus some time and effort on Windows, shoring up its weak defenses. The good news is, Windows and Linux can be hardened far m ...

How to Grow Cyber Security Awareness Heroes

The top threat facing any organization today is the staff member working from a computer!  Not because this person intends to do malicious harm to the organization, but because of lack of cyber security awareness and training.  Confirmation of this is MediaPro’s 2017 State of Privacy and Security Awareness Report in which they surveyed over 1,000 people and rated their responses to real-world cyber security questions. Respondents were grouped into 3 “risk profiles” based on their correct answers; ...

Overcoming Organizational Roadblocks to Cyber Security 

In many organizations, cyber security is perceived as one of those “important-but-not-urgent” issues that keep getting put off in deference to the pressing issues of the day – insurance denials, staffing, readmissions, patient no-shows, supply shortages…the list goes on.  It’s not that organizational leaders are doing nothing. In most organizations, the basic pieces, such as a HIPAA-compliant EHR, firewall, anti-virus software, and staff training, are all in place. It is these very safeguards ...
