On March 8, 2023, the U.S. Department of Health and Human Services (HHS) released its HPH Sector Cybersecurity Framework Implementation Guide (the Guide) to help healthcare organizations leverage the NIST Cybersecurity Framework. This Guide is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for …
Tag Archives: Data Privacy
FBI, CISA, MS-ISAC Joint Cybersecurity Advisory – #StopRansomware: LockBit 3.0
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing & Analysis Center (MS-ISAC) routinely release a Joint Cybersecurity Advisory (CSA) as part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail ransomware variants and ransomware threat actors. On March 16, 2023, they …
Boston Area Friends – Join me for the lunch keynote at SecureWorld Boston on March 23!
I am super excited to share that next week I will be headed to Boston to speak at one of my absolute favorite conferences each year — the United States’ preeminent cybersecurity conference — SecureWorld! On Thursday, March 23, 2023, I will present the lunch keynote on Cybersecurity Really Is a Team Sport, since folks …
The White House Cybersecurity Plan – the Devil is in the Details
“The devil is in the details” — that about sums up my take on the White House Cybersecurity Plan. Many thanks to Lily Newman for including this and some other points from our discussion in her Wired article The High-Stakes Blame Game in the White House Cybersecurity Plan. I appreciate that the Administration is talking …
Charlotte, NC Area Friends – Join me at SecureWorld Charlotte on March 1 & 2!
I am super excited to share that next week I will be headed to Charlotte, North Carolina to speak at one of my absolute favorite conferences each year — the United States’ preeminent cybersecurity conference — SecureWorld! On Wednesday, March 1, 2023, I will be leading a full-day workshop for SecureWorld Plus registrants on …
Dental Practice Responses to Online Reviews Cost $23,000 Settlement with OCR for Impermissible Disclosure of PHI
On December 14, 2022, the U.S. Department of Health and Human Services Office of Civil Rights published a notice of a settlement with a dental practice over disclosures of patients’ protected health information over social media. Here is the full version reproduced below: Date: Wed, 14 Dec 2022 Subject: HHS Civil Rights Office Enters Settlement with …
OCR Releases Video Guidance on Recognized Security Practices for National Cybersecurity Awareness Month
On October 31, 2022, the U.S. Department of Health and Human Services Office of Civil Rights provided guidance titled OCR Releases New Recognized Security Practices Video. This guidance is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for all organizations — healthcare and non-healthcare …
OCR Guidance on HIPAA Security Rule Security Incident Procedures for National Cybersecurity Awareness Month
On October 25, 2022, the U.S. Department of Health and Human Services Office of Civil Rights in its October 2022 OCR Cybersecurity Newsletter provided guidance titled HIPAA Security Rule Security Incident Procedures. This guidance is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for …
Not all HIPAA privacy “breaches” are caused by “hackers” — dentist gets $50k penalty for responding to patient’s Google review
When thinking of HIPAA data breaches, most of us tend to think of situations where the hackers engage in malicious activities against hospitals and steal troves of patients’ protected health information (PHI). There are, however, other much simpler kinds of HIPAA privacy breaches that are easily avoidable and can be quite costly to the healthcare …
Ransomware Attacks! The 5 Best Practices the White House Urges all Businesses to Take to Mitigate Them
The threat of ransomware attacks against all American businesses is so great that on June 2, 2021, the White House issued a memo to all corporate executives and business leaders with the subject “What We Urge You To Do To Protect Against The Threat of Ransomware.” This is the first time such a memo has ever been …
