The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts.

  • Latest round of OCR audits highlight HIPAA risk analysis and risk management shortcomings

    John Piotrowski, Senior Consultant, Healthcare Cyber Risk Services, Coalfire

    The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) has released its latest report with findings from their 2016 and 2017 series of audits as required under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)/HITECH Privacy, Security, and Breach Notification Rules (HIPAA Rules).

    Read more
  • Coalfire acquires penetration testing management platform

    Mark Carney, Executive Vice President, Coalfire

    Over the past year, Coalfire has worked closely in partnership with Neuralys, a penetration testing management platform. Today, Coalfire is ecstatic to announce the acquisition of Neuralys, and welcome its founders, developers and sales team to our organization.

    Read more
  • New cybersecurity legislation to amend the Health Information Technology for Economic and Clinical Health (HITECH) Act – an analysis of H.R. 7898

    Rich Curtiss, Director, Healthcare Cyber Risk Services, Coalfire

    New legislation was passed by Congress and signed by the president on January 5, 2021 that amends the HITECH Act with an additional section titled: SEC. 13412. RECOGNITION OF SECURITY PRACTICES. The fundamental driver for amending HITECH is to ensure the secretary of Health and Human Services (HHS) and the constituent HHS offices (e.g., the Office for Civil Rights) take into consideration whether a covered entity or business associate is using appropriate and recognized security best practices when investigating a complaint or responding to a breach of protected health information (PHI).

    Read more
  • The Edge of a Storm?

    Andrew Barratt, Managing Director, Europe

    The SolarWinds element of this breach is likely just the ‘tip of the iceberg’ as many more businesses leveraging their management tools are exposed to this compromise. Not necessarily from the nation state actor believed to have triggered it, but from the potential sell off of those points of access to criminal groups. In our investigation experience, broad compromises are often sold on the various dark web forums to organized crime groups who are more likely to target critical business assets looking for an opportunity to monetize the breach.

    Read more
  • Deploying your first Blueprints

    Doug Francis, Senior Consultant, Cloud Solutions Engineering, Coalfire

    Welcome back to the fourth and final part of this Azure Blueprints series. This section covers how to use some Blueprints provided by Microsoft and how to get started writing your Blueprints for managing your Azure Governance. Specifically, we will look more closely at a FedRAMP use case.

    Read more
  • Displaying results 31-35 (of 163)
     |<  <  3 - 4 - 5 - 6 - 7 - 8 - 9 - 10 - 11 - 12  >  >| 

Recent Posts

Post Topics