The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • HIPAA Complaints, OCR Investigations, and Security Risk Analysis for Healthcare Delivery Organizations – A Common Thread

    November 26, 2018, Rich Curtiss, Principal, Healthcare Risk Assurance Services

    Many HIPAA covered entities (CEs) and business associates (BAs) may not be meeting the regulatory mandate as defined in §164.308(a)(1)(ii)(A) of the HIPAA Security Rule. This implementation specification requires that healthcare delivery organizations (HDOs) “Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.”

    Read more
  • Coalfire Teams with Healthcare and Public Health Sector Coordinating Council (HSCC) for Fall Summit

    October 18, 2018, Rich Curtiss, Principal, Healthcare Risk Assurance Services

    The Department of Homeland Security (DHS) charged the Healthcare and Public Health Sector Coordinating Council (HSCC) with serving as a partnership between the private and public healthcare sectors. To that end, two unique councils were formed: The Healthcare and Public Health Government Coordinating Council (HGCC) was established by presidential directive to sustain the essential functions of the nation’s healthcare and public health system; the HSCC is a companion council established by presidential directive as a private sector counterpart with similar mission objectives. A key difference between the two is the HSCC is a purely voluntary organization whose membership is solicited to provide influence and expertise within the healthcare industry.

    Read more
  • The Unhealthy Security of Healthcare

    September 25, 2018, Qasim Ijaz, Director, Coalfire Labs

    I have been involved in a number of healthcare penetration tests here at Coalfire and in my previous roles. I have hacked electronic medical records, medical devices, and most importantly, humans. From my time as a systems engineer at a medical device and systems vendor to my current role at Coalfire as a penetration tester, I have seen a few healthcare organizations grow from highly insecure to cyber-fortresses. In this blog, I will highlight the most common issues my teammates and I come across while penetration testing healthcare environments.

    Read more
  • The Archimedes Medical Device Security 101 Conference - A Secure Forum for Security Issues

    January 26, 2018, Andrew Hicks, Managing Principal, Coalfire

    The University of Michigan’s Archimedes Center for Medical Device Security hosted its second annual MDS 101 conference in Orlando this month. The conference provides a secure forum for attendees to speak freely about cybersecurity issues with respected professionals who can help establish best practices for improving medical device security.

    Read more
  • Healthcare Security Pros Prioritize Sharing and Caring in the Wild, Wild West of Healthcare

    January 02, 2018, Deborah McLain, Director, Heathcare & Life Sciences, Coalfire

    Security professionals from healthcare delivery organizations (HDOs), medical device manufacturers, and pharmaceutical companies gathered in Scottsdale, Arizona for the NH-ISAC Cyber Rodeo Summit last month. The big topics were how to share more threat intelligence, while at the same time ensuring the highest level of patient care and safety.

    Read more
  • Displaying results 1-5 (of 28)
     |<  < 1 - 2 - 3 - 4 - 5 - 6  >  >| 

Recent Posts

Post Topics

Archives

Tags

2.0 3.0 access Agency AICPA Assessment assessments audit AWS AWS Certified Cloud Practitioner AWS Certs AWS Summit bitcoin Black Hat Black Hat 2017 blockchain Blueborne Breach BSides BSidesLV Burp BYOD California Consumer Privacy Act Chertoff cloud CoalfireOne Compliance credit cards C-Store Cyber cyber attacks Cyber Engineering cyber incident Cyber Risk cyber threats cyberchrime cyberinsurance cybersecurity danger Dangers Data DDoS DevOps DFARS DFARS 7012 diacap diarmf Digital Forensics DoD DRG DSS e-banking Ed Education encryption engineering ePHI Equifax Europe EU-US Privacy Shield federal FedRAMP financial services FISMA Foglight forensics Gartner Report GDPR Google Cloud NEXT '18 government GRC hack hacker hacking Halloween Health Healthcare heartbleed Higher Higher Education HIMSS HIPAA HITECH HITRUST HITRUST CSF Horror interview IoT ISO IT JAB JSON keylogging Kubernetes Vulnerability labs LAN law firms leadership legal legislation merchant mobile NESA News NH-ISAC NIST NIST 800-171 NIST SP 800-171 NotPetya NRF NYCCR O365 OCR of P2PE PA-DSS password passwords Payments PCI PCI DSS penetration Penetration Testing pentesting Petya/NotPetya PHI Phishing Phising policy POODLE PowerShell Presidential Executive Order Privacy program Ransomware Retail Risk RSA Safe Harbor scary security security. SOC SOC 2 social social engineering Spectre Splunk Spooky SSAE State Stories Story test Testing theft Virtualization Visa vulnerability Vulnerability management web Wifi wireless women XSS