On October 31, 2022, the U.S. Department of Health and Human Services Office of Civil Rights provided guidance titled OCR Releases New Recognized Security Practices Video. This guidance is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for all organizations — healthcare and non-healthcare…
Tag: data security
OCR Guidance on HIPAA Security Rule Security Incident Procedures for National Cybersecurity Awareness Month
On October 25, 2022, the U.S. Department of Health and Human Services Office of Civil Rights in its October 2022 OCR Cybersecurity Newsletter provided guidance titled HIPAA Security Rule Security Incident Procedures. This guidance is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for…
The INSIDERS Podcast – Cybersecurity with Shawn Tuma
It was a great experience to record The INSIDERS Ep 19 – Cybersecurity with Shawn Tuma podcast with Sandy Hibbard Creative, thanks for having me on! In this episode, we discussed these issues, and the full show is listed below that: “Security is hard, it will take work and commitment. Cyber crime can and will…
Ransomware Attacks! The 5 Best Practices the White House Urges all Businesses to Take to Mitigate Them
The threat of ransomware attacks against all American businesses is so great that on June 2, 2021, the White House issued a memo to all corporate executives and business leaders with the subject “What We Urge You To Do To Protect Against The Threat of Ransomware.” This is the first time such a memo has ever been…
Working From Home During COVID-19? Five Things You Should be Doing–But Probably Are Not–To Be More Cyber Secure (publication)
Many thanks to the Texas Bar Journal for publishing my recent article, Working From Home During COVID-19? Five Things You Should be Doing–But Probably Are Not–To Be More Cyber Secure, in the Cybersecurity Issue: Without an understanding of the particular organization or the unique risks it faces, it is impossible to know what is best or…
The Art of Cybersecurity: How Sun Tzu Masterminded the FireEye / US Agencies / SolarWinds Cyberattacks
Sun Tzu taught that, when it comes to the art of cybersecurity, you must be wary of your business partners and other third parties. Why? Unless you are living under a rock, you should have heard that FireEye–perhaps the preeminent cybersecurity firm on the face of the planet–was the victim of a successful cyberattack. So…
***URGENT*** MEMO TO: “The IT Guy” RE: Securing RDP Access–Changing the RDP Port Does Not Work!
***URGENT MEMORANDUM*** TO: “The IT Guy” FROM: Your clients’ Incident Response Coach SUBJECT: Securing RDP Access–Changing the RDP Port Does Not Work! This Memo comes out of necessity, please take it seriously. I have now lost track of how many times over the past couple of months I have been on “scoping calls” with a…
Think your company is too sophisticated to be hit with a successful cyber attack? Ask FireEye …
A lot of business executives — and far too many IT professionals — think that their company’s IT systems are too sophisticated and well-maintained for their company to have a successful cyberattack against it. They think their company is doing it all right and this is only the kind of stuff that happens to “the…
Simple Mistakes – Not Always “The Hackers” – Can Cause Substantial Data Breaches
It is not always the feared and dreaded “hackers” that cause the exposure and breach of confidentiality of sensitive personal information. Sometimes it’s just simple mistakes, but the consequences can be much the same. Consider this situation: NTreatment inadvertently exposed thousands of medical records online by neglecting to add password protection to one of its…
Think your company is too sophisticated to be hit with a ransomware attack? Ask Advantech …
A lot of business executives — and far too many IT professionals — think that their company’s IT systems are too sophisticated and well-maintained for their company to have a successful ransomware attack against it. They think their company is doing it all right and this is only the kind of stuff that happens to…
You must be logged in to post a comment.