NIST Makes Passwords a Little Bit Easier

After much research, the National Institute of Standards and Technology (NIST) has determined that we have been doing passwords all wrong! Traditionally, best practice for password use has been a minimum of 6 characters composed of a combination of letters, numbers and symbols, which had to be rotated periodically. To make things more complex, companies typically added rules about how frequently a password could be reused - or prohibited reuse completely. What NIST's research showed is that all th ...

Cyber Hygiene: Are your systems hardened?

Third Rock performs Risk Assessments (Security Risk Analysis) for very small firms to large organizations in healthcare, technical, financial, insurance, oil and gas, and other industries. We know the focus of the assessment needs to be security; therefore, we run an industry-standard (NIST-based) scan checking computers for vulnerabilities and many variants of compliance. (NIST stands for National Institute of Standards and Technology.) Our findings show that the average covered entity is about 15% co ...

Cloud or Not-to-Cloud; The Allscripts Breach

Allscripts’ Electronic Health Records service was the first major cloud-based EHR to be significantly disrupted by a ransomware attack. Close to 1,500 practices were affected by the EHR outage for about a week, essentially shutting down those practices. Allscripts was hit by the SamSam virus, which was launched in December 2016, crippling two of their North Carolina data centers. Angry customers voiced their displeasure on social media, and a class-action lawsuit has been filed. Hackers have been r ...

Internet of Medical Things:  Real Security Threat or Hype?

For decades, healthcare medical devices functioned as freestanding tools. Glucometers, lasers, infusion pumps, pressure monitors, neonatal incubators, heart monitors – each serving its unique function independently of the others. With the widespread implementation of electronic health records (EHRs), however, and the push for increased digitization of health information, these devices have increasingly been networked into the patient information ecosystem.  They now transmit PHI between a myriad of syste ...

Practical Steps to Protect Your Data!

Being in the business of helping our customers protect their data, my email inbox is filled with news of cyber breaches and the latest, state-of-the-art, machine learning artificial intelligence cybersecurity systems! I think there is an “arms race” between the security products firms and the cyber criminals. Feels like the criminals are winning, but they have a target-rich environment. Those defending against the hackers have to be correct 100% of the time while the criminals only have to fin ...

Shortage of Qualified Cybersecurity Workers: “…the greatest cyber risk of all.”

The 2017 Global Information Security Workforce Study (GISWS) released in February 2017 forecast a shortage of 1.8 million cybersecurity workers by 2020, while a study by Cybersecurity Ventures estimates “3.5 million unfilled cybersecurity jobs” by 2021. While the projected magnitude of the shortfall varies from one study to the next, government experts, consultants, and pundits alike are unanimous in predicting that the current shortage of qualified cybersecurity workers will only get worse for the ...

Cyber Liability Insurance Becoming More Difficult to Purchase

Hopefully, you've realized one of your pieces of defense in the cybersecurity war is Cyber Liability Insurance or Data Breach Insurance, sometimes called Cyber Insurance.  What you may not know is that cyber liability insurance is getting more difficult to obtain.  Several insurance companies we've spoken with have reported that in 2017, cyber liability claims outpaced other claim types, including medical liability claims!  In very simple terms, this means that cyber liability insurance is costing th ...

2018 The Year of the Meltdown and Spectre

If you don't read about cybersecurity and stolen data every day, then you probably don't read much news. But if you scan the news headlines once in a while, you're aware of the following:
2014 - The Year of the Cyber Breach
2015 - The Year of the Healthcare Cyber Breach
2016 - The Year of the Cyber Attack (it's common news)
2017 - The Year of Ransomware
So, what will 2018 be dubbed? 2018 - The Year of the Meltdown? Wait, what meltdown? Or the Year of the Spectre? Is that a ghost or ...

Protect Your Clients, Your Clients’ Data, and Your Business – a webinar offered by Developmental Services Network

Robert Felps, CEO of Third Rock, is proud to present a cybersecurity webinar - Protect Your Clients, Your Clients' Data, and Your Business - for Developmental Services Network on Thursday, January 18, 2018, 10:30am-11:30am PST. Did you know your client data is worth 50 times more than a credit card number on the dark web? A HIPAA approved client management system does not make you HIPAA compliant, nor does it completely protect your client data. Learn steps to improve your cybersecurity and ach ...

Third Rock Streamlines SECURETexas Privacy and Security Certification

Round Rock, TX – December 19, 2017 – Third Rock, who was awarded preferred vendor status with Texas Health Services Authority (THSA) in August this year, has streamlined the SECURETexas certification process to help healthcare organizations reduce liability by better securing patients’ Protected Health Information (PHI). Third Rock has incorporated the question set for the SECURETexas certification program into CompassDB, Third Rock's compliance management system.  Third Rock has shown that by ut ...
