The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • A huge applause from the NIST-OCR-HIPAA 2015 conference

    September 09, 2015, Andrew Hicks, Healthcare and Life Sciences Practice Director

    It looked like the 8th annual conference may have garnered record-breaking attendance as I noticed hotel staff rushing to add skirted tables and chairs to the back of the room to accommodate a standing-room-only crowd.  I guess that was to be expected given the star-studded line-up of presenters including HHS OCR Director Jocelyn Samuels, her brand new Deputy Director, Deven McGraw, and the OCR enforcer, Iliana Peters.  We also heard from government officials at the FTC, the ONC, NIST’s NCCoE, and the HHS Preparedness and Response office.  The audience responded to each session with a line of people trailing from the microphone set up for Q&A – and with excellent questions, too!

    Read more
  • Is penetration testing required for HIPAA compliance?

    June 22, 2015, Andrew Hicks, Healthcare and Life Sciences Practice Director

    In this blog post we’re going to focus our discussion on the technical requirement part of this standard.  The evaluation is supposed to establish the extent to which a covered entity’s (or business associate’s) security policies and procedures meet the requirements of the HIPAA Security Rule.  A question is posed: how does an organization evaluate this requirement without performing specific technical testing?

    Read more
  • Final HITECH Act Stage 3 Meaningful Use Rules May Require Annual Risk Analysis plus a Risk Management Component

    June 03, 2015, Andrew Hicks, Healthcare and Life Sciences Practice Director

    The comments are in and the HHS is scrambling to review them all before they issue the final Stage 3 Meaningful Use rules later this summer.  Comments from entities such as CHIME and HIMSS represent good news and bad news for healthcare providers, depending on how you look at it.  The HIPAA Security Rule has always required a risk analysis, but now there could be an annual requirement for risk analyses.

    Read more
  • Reporting LIVE from the HIMSS 2015 Cybersecurity Command Center

    April 30, 2015, Andrew Hicks, Healthcare and Life Sciences Practice Director

    Well, it’s not exactly live anymore but it certainly was worth tweeting live from the brand new Cybersecurity Command Center (CCC) at HIMSS 2015 in Chicago a couple weeks ago given all the excitement.  The CCC was the place to be at HIMSS this year with standing room only at the educational sessions.  HIMSS staff members were busy adding rows of seating to the session area to fit all the attendees who were clamoring for valuable information delivered by numerous speakers from the FBI to the Secret Service to cyber risk subject matter experts.

    Read more
  • The Future of Healthcare Cybersecurity: The Best Defense is a Good Offense

    March 20, 2015, Andrew Hicks, Healthcare and Life Sciences Practice Director

    In the last five years with the increasing digitalization of health information, healthcare security breaches have increased four-fold with the industry experiencing more breaches than any other in 2013. With a large number of potential targets and the high value of personal medical information on the black market, healthcare organizations will continue to be more appealing targets.

    Read more
  • Displaying results 1-5 (of 18)
     |<  < 1 - 2 - 3 - 4  >  >| 

Recent Posts

Post Topics

Archives

RSS Feed

The Coalfire BlogSubscribe to Feed
Chrome users will need to install RSS Subscription Extension (by Google)

Tags