Stay in the know
THT Healthcare Governance Conference 2018
As a board member or executive of a hospital, have you ever wondered exactly what responsibility you have, if any, for security? Not just the physical security of the people who come to the hospital for care, but the protection of their information long after...
Am I a Data Processor or a Data Controller? – Check the GDPR glossary
Ok, so the GDPR "deadline" has passed, but many of you are still tying up loose ends - or perhaps just discovering that the law applies to you! Whatever the case, don't let confusion over a few terms slow your progress. Some vendors got together to create a great...
The GDPR deadline is here – are you ready?
If you are not yet GDPR-ready, you're not alone. Many companies are still scrambling to meet the requirements. Some U.S.-based companies didn't realize the law would apply to them. Others did not realize the full extent of the law - or of their own data...
BYOD – Do You Know What’s on Your Network?
Is your company allowing employees to bring their own devices and use them to log onto the corporate network? If so, do you know what is happening on your network as well as how many devices are on your network? Recently, I ran a network discovery at a company and...
GDPR – the “Undo” Button for Personal Data?
The European Union’s General Data Protection Regulation (GDPR) goes into effect May 25th, about two weeks from now. In the news it is often being called "overreaching" and "impractical," but its objective is to place control of personal data back in the hands of the...
Key Themes at Texas Health Care Security & Technology Conference
Last month Robert Felps and I were fortunate to attend THA’s inaugural Texas Health Care Security & Technology Conference. Great speakers, wonderful host and facility, collegiate atmosphere – a great learning experience overall. Hats off to Fernando Martinez,...
National Nurses Week 2018 – Nurses: Inspire. Innovate. Influence
Third Rock would like to take this chance to salute the nation's Nurses for their role in patient safety - clinical safety, physical safety, and cyber safety. It's nurses of all types who are on the front lines of protecting patients from cyber threats - such as...

Third Rock’s New GDPR Assessment Capabilities Expedite Compliance
More than half of companies impacted by GDPR are not ready for May 25th deadline
Round Rock, TX – April 26, 2018 – Third Rock, a supplier of cyber risk management software, announced today the launch of its General Data Protection Regulation (GDPR) Risk Assessment,...
NIST Makes Passwords a Little Easier
After much research, the National Institute of Standards and Technology (NIST) has determined that we have been doing passwords all wrong! Traditionally, best practice for password use has been a minimum of 6 characters composed of a combination of letters, numbers...
Is Your Security Risk Assessment (SRA) Valid?
We're often told, "I've done a security risk assessment," or "We had one of those done by a company." When we ask if they have 1) an SRA report, 2) a risk management plan with prioritized corrective actions, 3) a disaster recovery plan, 4) an emergency response plan,...