Latest round of OCR audits highlight HIPAA risk analysis and risk management shortcomings
John Piotrowski, Senior Consultant, Healthcare Cyber Risk Services, Coalfire
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) has released its latest report with findings from its 2016 and 2017 series of audits as required under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)/HITECH Privacy, Security, and Breach Notification Rules (HIPAA Rules).
Coalfire acquires penetration testing management platform
Mark Carney, Executive Vice President, Coalfire
Over the past year, Coalfire has worked closely in partnership with Neuralys, a penetration testing management platform. Today, Coalfire is ecstatic to announce the acquisition of Neuralys, and welcome its founders, developers and sales team to our organization.
New cybersecurity legislation to amend the Health Information Technology for Economic and Clinical Health (HITECH) Act – an analysis of H.R. 7898
Rich Curtiss, Director, Healthcare Cyber Risk Services, Coalfire
New legislation, passed by Congress and signed by the president on January 5, 2021, amends the HITECH Act with an additional section titled: SEC. 13412. RECOGNITION OF SECURITY PRACTICES. The fundamental driver for amending HITECH is to ensure the secretary of Health and Human Services (HHS) and the constituent HHS offices (e.g., the Office for Civil Rights) take into consideration whether a covered entity or business associate is using appropriate and recognized security best practices when investigating a complaint or responding to a breach of protected health information (PHI).
The Edge of a Storm?
Andrew Barratt, Managing Director, Europe
The SolarWinds element of this breach is likely just the ‘tip of the iceberg’ as many more businesses leveraging their management tools are exposed to this compromise. Not necessarily from the nation-state actor believed to have triggered it, but from the potential sell-off of those points of access to criminal groups. In our investigation experience, broad compromises are often sold on the various dark web forums to organized crime groups who are more likely to target critical business assets looking for an opportunity to monetize the breach.
Deploying your first Blueprints
Doug Francis, Senior Consultant, Cloud Solutions Engineering, Coalfire
Welcome back to the fourth and final part of this Azure Blueprints series. This section covers how to use some Blueprints provided by Microsoft and how to get started writing your Blueprints for managing your Azure Governance. Specifically, we will look more closely at a FedRAMP use case.