Am I a Data Processor or a Data Controller? – Check the GDPR glossary

Ok, so the GDPR "deadline" has passed, but many of you are still tying up loose ends - or perhaps just discovering that the law applies to you! Whatever the case, don't let confusion over a few terms slow your progress. Some vendors got together to create a great glossary page that defines all the key terms. If you're still uncertain about what you need to do, the official GDPR page summarizes the key points in a dynamic infographic. Need to get GDPR compliant and don't have time or expertise to lea ...

The GDPR deadline is here – are you ready?

If you are not yet GDPR-ready, you're not alone. Many companies are still scrambling to meet the requirements. Some U.S.-based companies didn't realize the law would apply to them. Others did not realize the full extent of the law - or of their own data collection!  Don't worry - whether starting from scratch or needing to document your current GDPR status, Third Rock's CyberCompass™ streamlines the assessment process and automates the report generation, making it possible for Third Rock to give you ...

An alternative approach to the cyber security talent shortage

Our CEO would contend there is an alternative approach to the cyber security talent shortage.  Most breaches occur because computer systems are easy to breach and people make mistakes.  Compare the number of breaches based on operating systems.  Linux and UNIX variants are more difficult to breach than Windows, especially, if you keep them patched.  Which means we need to focus some time and effort on Windows, shoring up its weak defenses.  The good news is, Windows and Linux can be hardened far m ...

National Health IT Week – FREE Assessment

It's National Health IT Week and Third Rock is promoting the value of Health IT and its role in protecting your patients, your practice and yourself with a FREE assessment. Just click below to take your free risk assessment to better understand your practice's security risk from cyber threats. It only takes a few minutes! Let's Get Started Join the movement to improve Health IT to improve patients' health.  Checkout our HIPAA and Cybersecurity Resources page at https://thirdrock.com/resources/ ...

Missing the HIPAA Target – Part 4

In my first blog of this series, I stated that the intent of HIPAA was not to make you an expert on regulations, but to guide you to be risk management proficient, which is the ability to recognize threats and risks to your practice and manage them to eliminate or minimize their impact.  The next installment was accountability; taking ownership and delivering verifiable results.  This was followed by the importance of training.  What is the next? Well, you need to know how to identify risks and th ...

Best Defense Against Ransomware is a Good Backup

By now, most have heard or been affected by the WannaCry ransomware that has spread to over 150 countries at last count. The WannaCry ransomware started taking over users' files on Friday, demanding $300 to restore access. Hundreds of thousands of computers have been affected so far. Computer giant Microsoft said the attack should serve as a wake-up call. The first line of defense in this is always having a properly maintained firewall both on your network and on each individual computer system. Ho ...

Cybersecurity: Have you hardened your systems?

We perform HIPAA Risk Assessments (Security Risk Analysis) for very small practices to large healthcare organizations, plus business associates that include software, big data, and marketing companies.  We know the focus of the assessment needs to be security; therefore, we run an industry standard (NIST based) scan checking computers for HIPAA compliance.  (NIST stands for National Institute of Standards and Technology) Our findings show that the average covered entity is about 15% compliant and the ...

Missing the HIPAA Target – Part 2

In my previous blog, I stressed compliance is not about being an expert on HIPAA regulations, but being risk management proficient ― the ability to identify vulnerabilities and threats facing your organization, and to take steps to eliminate, minimize or manage them.  I usually refer to the next step as "ownership", but I’m not really a fan of the term.  A common synonym is "possession".  You can own something, but it doesn’t mean you are committed to taking care of it or ensuring a positive ou ...

HIMSS17 – Are medical devices the weak link in cyber security?

According to a post on HIPAA Journal, 60% of healthcare organizations have already introduced networked medical devices into their technical infrastructure. Networked medical devices are the healthcare version of the “internet of things” (IoT) – smart devices that communicate with applications, such as the EHR, and with one another without human intervention. The problem – many medical devices aren’t cyber-secure!  89% of the organizations reporting the use of networked medical devices also repor ...

Missing the Target of HIPAA

Universally when working with new clients, they tell me, “I can’t learn all these HIPAA regulations and requirements.  I don’t have the time or the desire to be an expert on HIPAA!”  My response is, “That is absolutely correct!  You shouldn’t be an expert on HIPAA; that is my job.  What you and all your staff should be is risk management proficient.” Most times that draws the deer-in-the-headlights stare.  Not much comfort is taken from my response. Usually the conversation proceed ...

1 2 3 4 5