THT Healthcare Governance Conference 2018

As a board member or executive of a hospital, have you ever wondered exactly what responsibility you have, if any, for security? Not just the physical security of the people who come to the hospital for care, but the protection of their information long after treatment has been given. Are you doing everything in your power to keep patients "cyber safe"? Third Rock is excited to be a sponsor of this year's Healthcare Governance Conference.  Come visit us at table 15 to find out exactly what questions ...

Am I a Data Processor or a Data Controller? – Check the GDPR glossary

Ok, so the GDPR "deadline" has passed, but many of you are still tying up loose ends - or perhaps just discovering that the law applies to you! Whatever the case, don't let confusion over a few terms slow your progress. Some vendors got together to create a great glossary page that defines all the key terms. If you're still uncertain about what you need to do, the official GDPR page summarizes the key points in a dynamic infographic. Need to get GDPR compliant and don't have time or expertise to lea ...

The GDPR deadline is here – are you ready?

If you are not yet GDPR-ready, you're not alone. Many companies are still scrambling to meet the requirements. Some U.S.-based companies didn't realize the law would apply to them. Others did not realize the full extent of the law - or of their own data collection!  Don't worry - whether starting from scratch or needing to document your current GDPR status, Third Rock's CyberCompass™ streamlines the assessment process and automates the report generation, making it possible for Third Rock to give you ...

GDPR – the “Undo” Button for Personal Data?

The European Union’s General Data Protection Regulation (GDPR) goes into effect May 25th, about two weeks from now.  In the news it is often being called "overreaching" and "impractical," but its objective is to place control of personal data back in the hands of the EU citizens.  Maybe I’m “old school” (aka dinosaur), but I believe in privacy and the ability to protect my data.  Why? Look at these recent events. Let’s start with the Facebook breach of 85 million users.  Most people joine ...

Key Themes at Texas Health Care Security & Technology Conference

Last month Robert Felps and I were fortunate to attend THA’s inaugural Texas Health Care Security & Technology Conference. Great speakers, wonderful host and facility, collegial atmosphere – a great learning experience overall. Hats off to Fernando Martinez, THA's Chief Digital Officer, and his team for a great couple of days. Here's a brief recap of the key takeaways. REALITY Cyber threats are dynamic. Bill Virtue reminded us that there have been more than 4000 ransomware attacks per da ...

National Nurses Week 2018 – Nurses: Inspire. Innovate. Influence

Third Rock would like to take this chance to salute the nation's Nurses for their role in patient safety - clinical safety, physical safety, and cyber safety. It's nurses of all types who are on the front lines of protecting patients from cyber threats - such as identity theft, ransomware, and device hacking - by practicing good "cyber hygiene." Good job, nurses - THANKS for all you do to keep all of us cyber safe! ...

Third Rock’s New GDPR Assessment Capabilities Expedite Compliance

More than half of companies impacted by GDPR are not ready for May 25th deadline. Round Rock, TX – April 26, 2018 – Third Rock, a supplier of cyber risk management software, announced today the launch of its General Data Protection Regulation (GDPR) Risk Assessment, the newest enhancement to its cyber risk management software to help companies become GDPR compliant before the May 25, 2018 deadline set by the European Union ( ...

NIST Makes Passwords a Little Bit Easier

After much research, the National Institute of Standards and Technology (NIST) has determined that we have been doing passwords all wrong! Traditionally, best practice for password use has been a minimum of 6 characters composed of a combination of letters, numbers and symbols, which had to be rotated periodically. To make things more complex, companies typically added rules about how frequently a password could be reused - or prohibited reuse completely. What NIST's research showed is that all th ...

Is Your Security Risk Assessment (SRA) Valid?

We're often told, "I've done a security risk assessment," or "We had one of those done by a company."  When we ask if they have 1) an SRA report, 2) a risk management plan with prioritized corrective actions, 3) a disaster recovery plan, 4) an emergency response plan, 5) a breach notification plan, 6) current training and in use, 7) current policies and procedures; we get blank stares.  We've also performed SRAs after some of the large, "known" compliance consulting firms have performed an SRA.  What ...

The Right Cyber-Talk

I recently taught a cyber security class to a large medical practice.  The goals were to better protect the organization from cyber-attacks and to improve their HIPAA compliance.  This medical practice is a well-run and well-managed business that invests in its employees and is clearly one of the most security conscious practices I have worked with.  The hour-long course covered the cyber security basics including password management, safe Internet practices, phishing, malvertising, and incident resp ...
