Highlights from the HITRUST Health Industry Third Party Assurance Summit
November 19, 2015, Andrew Hicks, Healthcare and Life Sciences Practice Director
On June 29, 2015, the Health Information Trust Alliance (HITRUST) announced that several massive payer organizations, including Anthem, Health Care Services Corp., Highmark, Humana, and UnitedHealth Group, will require their business associates to obtain CSF certification. While this is old news, HITRUST assembled more than 350 business-associate attendees at the “Health Industry Third Party Assurance Summit: Driving Efficiencies and Compliance through the HITRUST Assurance Program” last Friday as a way for business associates to (1) better understand the reasons for the mandate, (2) understand the journey to CSF certification, (3) interact with CSF Assessor organizations (such as Coalfire), and (4) learn about current initiatives underway at HITRUST.
The Ghosts Inside - Horror Stories 2015
October 26, 2015, Joseph Hesse, Director of Penetration Testing
By 8 p.m. the donuts from the previous day had gone stale, what was left of them anyway. There was the eerie feeling of spirits in the night mist tonight. It was late October and the chill was thick with Halloween. You could smell it in the haze. I consider myself quite tough, but when you are a ghost it’s always a little… spooky.
Breaching a bank in 20 minutes - Horror Stories 2015
October 26, 2015, Ryan MacDougall, Sr. Security Consultant
I arrived onsite to suite #102 (the bank’s corporate headquarters) around 9:40 a.m. I was impersonating a local utility worker – with all the garments like a hardhat, clipboard, obnoxious yellow vest, and some old Timberland work boots. I played the part well.
The 100 Million Dollar Getaway - Horror Stories 2015
October 26, 2015, Price McDonald, Director Labs Professional Services
In today's security landscape, companies face daily threats to their reputation and intellectual property. The typical response to these threats is to purchase a tool or a service claiming to be a magical silver bullet that can respond to all "cyber" threats. In reality, the quest for a security silver bullet is a fool's errand, and any solid security program will revolve around continuous evaluation and training against emerging threats.
The Clock is ticking for EU and US to Negotiate New Safe Harbor Deal: What You Can Do to Stay Out of Legal Limbo
October 22, 2015, John Rostern, VP, Technology Advisory and Assessment Services
European authorities have given the European Union and US officials three months to come up with an alternative to the Safe Harbor agreement after the European Court of Justice (ECJ) declared Safe Harbor laws invalid earlier this month. The new agreement must protect the personal data of European citizens from ‘massive and indiscriminate surveillance conducted by the U.S. government’, the authorities said. These actions were ruled incompatible with EU law in an Oct. 6 decision by the ECJ.