The GDPR deadline is here – are you ready?

If you are not yet GDPR-ready, you're not alone. Many companies are still scrambling to meet the requirements. Some U.S.-based companies didn't realize the law would apply to them. Others did not realize the full extent of the law - or of their own data collection!  Don't worry - whether starting from scratch or needing to document your current GDPR status, Third Rock's CyberCompass™ streamlines the assessment process and automates the report generation, making it possible for Third Rock to give you ...

An alternative approach to the cyber security talent shortage

Our CEO would contend there is an alternative approach to the cyber security talent shortage. Most breaches occur because computer systems are easy to breach and people make mistakes. Compare the number of breaches based on operating systems. Linux and UNIX variants are more difficult to breach than Windows, especially if you keep them patched, which means we need to focus some time and effort on Windows, shoring up its weak defenses. The good news is, Windows and Linux can be hardened far m ...

Cybersecurity and The Endless List of Compliance

I recently wrote about insurance companies raising the bar for businesses to protect their valuable data in order to acquire cyber liability insurance. But it's not just insurance companies that are raising the bar. Governments around the globe are now requiring all types of companies to be compliant with some type of standard to better protect the data they possess. What many people don't realize is that these standards are all based on the protection of personal/private/confidential/sensitive/valuable informatio ...

MACRA Deadline Approaching – Schedule your SRA today!

In an effort to help medical practices maximize their Medicare reimbursements by meeting MACRA requirements, Third Rock is offering a 20% discount for our Security Risk Assessment package if you schedule your SRA with Third Rock by December 8th. Our tool, CompassDB, makes doing an SRA fast and easy. Our package offer includes:
✓ Security Risk Assessment and detailed report
✓ A Security Risk Management consultant available onsite or online ...

MACRA 2017 deadlines are coming. Do you have a Security Risk Assessment scheduled before December 31st?

Right now the healthcare industry is in the final race to complete the requirements for MACRA, the new reimbursement scheme for Medicare. Thousands of dollars are at risk – failing to satisfy the MACRA requirements in 2017 will result in payment reductions for all of 2019! Submerged within the 2,398 pages of MACRA lies a key requirement for eligibility - completing a security risk assessment (SRA). The SRA is a “core requirement.”  Without an SRA, a healthcare practice can undo all their other eff ...

It is Time for Us to Take Control of Our Data!

The Equifax breach really has me angry. Mostly because I have no control over any aspect of this mess. Equifax scoops up data on all of us without our consent. They seem unaccountable and untouchable. With a last name like mine, I’ve had many opportunities to dispute incorrect data on my credit reports, which is always time-consuming and irritating. They make it known how unimportant you are and assume you are “guilty” unless you prove otherwise. They collect data on all the people in th ...

Healthy Skepticism – Your Best Cyber Defense

It's no longer news that most of us are uber-connected. We use phone apps for weather, meditation, mapping, games, travel, texting, and more. Online management of home devices, including thermostats, coffee makers, and alarm systems, makes it possible for us to remotely control many aspects of our lives. These technologies offer previously unthinkable convenience – and a great deal of risk to their owners' physical and information security. Healthcare, too, is becoming more connected for all the s ...

Cybersecurity: It’s a healthcare risk issue

WannaCry may be the best thing that has happened to the healthcare industry in a long time. It brought to light just how terrible a job the industry does in protecting patients from identity theft. That's what it means to lose a patient's protected health information or PHI. PHI is now a currency on the black market. It is worth over 100 times the value of a credit card record. If you're a covered entity (healthcare plan, healthcare clearing house, or healthcare provider) or a business associate ...

Missing the HIPAA Target – Part 4

In my first blog of this series, I stated that the intent of HIPAA was not to make you an expert on regulations, but to guide you to be risk management proficient, which is the ability to recognize threats and risks to your practice and manage them to eliminate or minimize their impact. The next installment was accountability: taking ownership and delivering verifiable results. This was followed by the importance of training. What is next? Well, you need to know how to identify risks and th ...

Care Disruption – The Ultimate Security Risk

We in the cybersecurity and HIPAA compliance communities talk a lot about breaches and fines and total costs of breach remediation - yadda, yadda, yadda. All non-trivial realities to be sure, but when the WannaCry ransomware attack paralyzed hospitals and physician practices and pharmacies and surgery centers around the globe, I was thinking about the members of the care team. Elective surgeries can be postponed and lots of routine wellness services, such as eye exams and hearing tests and school physic ...
