Tag Archives: #CyberAware

HHS Releases HPH Sector Cybersecurity Framework Implementation Guide to Help Healthcare Organizations Leverage NIST Cybersecurity Framework

On March 8, 2023, the U.S. Department of Health and Human Services (HHS) released its HPH Sector Cybersecurity Framework Implementation Guide (the Guide) to help healthcare organizations leverage the NIST Cybersecurity Framework. This Guide is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for …

Continue reading “HHS Releases HPH Sector Cybersecurity Framework Implementation Guide to Help Healthcare Organizations Leverage NIST Cybersecurity Framework”

FBI, CISA, MS-ISAC Joint Cybersecurity Advisory – #StopRansomware: LockBit 3.0

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing & Analysis Center (MS-ISAC) routinely release a Joint Cybersecurity Advisory (CSA) as part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail ransomware variants and ransomware threat actors. On March 16, 2023, they …

Continue reading “FBI, CISA, MS-ISAC Joint Cybersecurity Advisory – #StopRansomware: LockBit 3.0”

Dental Practice Responses to Online Reviews Cost $23,000 Settlement with OCR for Impermissible Disclosure of PHI

On December 14, 2022, the U.S. Department of Health and Human Services Office of Civil Rights published a notice of a settlement with a dental practice over disclosures of patients’ protected health information over social media. Here is the full version reproduced below: Date: Wed, 14 Dec 2022Subject: HHS Civil Rights Office Enters Settlement with …

Continue reading “Dental Practice Responses to Online Reviews Cost $23,000 Settlement with OCR for Impermissible Disclosure of PHI”

OCR Releases Video Guidance on Recognized Security Practices for National Cybersecurity Awareness Month

On October 31, 2022, the U.S. Department of Health and Human Services Office of Civil Rights provided guidance titled OCR Releases New Recognized Security Practices Video. This guidance is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for all organizations — healthcare and non-healthcare …

Continue reading “OCR Releases Video Guidance on Recognized Security Practices for National Cybersecurity Awareness Month”

OCR Guidance on HIPAA Security Rule Security Incident Procedures for National Cybersecurity Awareness Month

On October 25, 2022, the U.S. Department of Health and Human Services Office of Civil Rights in its October 2022 OCR Cybersecurity Newsletter provided guidance titled HIPAA Security Rule Security Incident Procedures. This guidance is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for …

Continue reading “OCR Guidance on HIPAA Security Rule Security Incident Procedures for National Cybersecurity Awareness Month”

StopRansomware.gov – the U.S. Government’s One-Stop Resource for Ransomware

The U.S. Government has launched a new resource to help combat the ransomware pandemic. Below is the relevant information it has shared: The U.S. Government launched a new website to help public and private organizations defend against the rise in ransomware cases. StopRansomware.gov is a whole-of-government approach that gives one central location for ransomware resources …

Continue reading “StopRansomware.gov – the U.S. Government’s One-Stop Resource for Ransomware”

Ransomware! What is it and how do you better protect against it?

Just as one pandemic — COVID-19 — seems to be winding down, another — THE RANSOMWARE PANDEMIC — is now wreaking havoc on our society with full force. Critical Information You Need to Help Better Protect Your Practice and Your Clients From Ransomware, my article in the July 2021 Texas Bar Journal, attempts to provide …

Continue reading “Ransomware! What is it and how do you better protect against it?”

MFA Could Have Prevented the Ransomware Attack on Colonial Pipeline, According to its CEO

On June 8, 2021, Colonial Pipeline CEO Joseph Blount testified to a U.S. Senate committee about the recent ransomware attack on the company. While most of the attention to his testimony has been focused on the propriety of paying the roughly $4.4 million ransom payment to the DarkSide hacking group, I believe there is a …

Continue reading “MFA Could Have Prevented the Ransomware Attack on Colonial Pipeline, According to its CEO”

We need more humility in cybersecurity

We need more humility in cybersecurity. Let me explain … I was scrolling through LinkedIn and came across a comment on a post about FireEye from my friend Raf Los that reminded me of this issue and a webinar I did with SecureWorld several months back. In the webinar, I was asked what is the …

Continue reading “We need more humility in cybersecurity”

Think your company is too sophisticated to be hit with a successful cyber attack? Ask FireEye …

A lot of business executives — and far too many IT professionals — think that their company’s IT systems are too sophisticated and well-maintained for their company to have a successful cyberattack against it. They think their company is doing it all right and this is only the kind of stuff that happens to “the …

Continue reading “Think your company is too sophisticated to be hit with a successful cyber attack? Ask FireEye …”