Help Me With Hipaa

These new settlements from OCR should be new required reading. There is very little guessing about their expectations in these CAPs. Specifically mentioning encryption requirements and mobile device management is not ambiguous at all. Things are getting real folks! More info at HelpMeWithHIPAA.com/266

There are plenty of things happening that you should be aware of including a new settlement announcement from OCR. This and more things happening out there you should know about! More info at HelpMeWithHIPAA.com/265

So happy that we are finally doing this show in time to remind you to use the free security awareness training resources available for October which is National Cybersecurity Awareness Month (NCSAM). There are a lot of free resources available to promote security awareness under that program released each year. Today we are discussing how to use these resources to  work out a plan for your training through out October!   More at HelpMeWithHIPAA.com/264  

The threat of ransomware continues to be a major issue for all businesses. MSPs were a gateway for mass cyber attacks in 2019. Make sure your IT provider is using the new guide specifically for them produced by NIST and NCCoE: PROTECTING DATA FROM RANSOMWARE AND OTHER DATA LOSS EVENTS. While we are at it there are a couple of articles relating to ransomware’s impact on insurance coverage that we need to bring to your attention. More at HelpMeWithHIPAA.com/263

The annual Verizon data breach report was recently released for 2020. Learning from other’s mistakes is always the best way to learn vs the alternatives. These reports always offer very specific details that we find very enlightening and helpful in making business decisions relating to security in all businesses. More at HelpMeWithHIPAA.com/262

COVID-19 Testing vs HIPAA is starting to play out all over the country as businesses reopen and the virus continues to spread. Today we will discuss some of the confusion about all the COVID-19 testing and HIPAA. More at HelpMeWithHIPAA.com/261

So far 2020 has the whole world turned upside down. A true global pandemic, global economic fallout still happening from a shutdown caused by the pandemic and a level of global social unrest that hasn’t been seen in 40-50 years. Yes, it is overwhelming. But, it is also very clear that the criminal factors and nation-state attackers are well aware no one is watching the hen house too. More info at HelpMeWithHIPAA.com/260

Too often our human selves will happily put off some responsibilities on others if we can find any small reason for doing so. It may not be our best quality but it is certainly one that bonds most of us together. I personally can’t name anyone that would say sorry I would like to take responsibility for something I think is your responsibility. In our world today we all need to take responsibility for helping protect the group as a whole. The NICE team from NIST published something about just that when it comes to cybersecurity. Time to get ready to discuss it is everyone’s responsibility, not just a select few. More at HelpMeWithHIPAA.com/259

If you are a fan of horror flicks you know the story. Even if you are not a fan you probably know the line from When A Stranger Calls:  “the calls are coming from a phone inside the house”.  That stuff happens in the opening. Personally, I have never made it through that part much less through the whole thing.  Today we have a whole new horror flick to discuss: cyberattacks coming from inside the network.  Maybe we should hold this until Halloween but who knows what will happen then, we need to cover this because it is happening now. More info at HelpMeWithHIPAA.com/258

Perfect timing rarely happens these days but we have been discussing updating incident response plans based on what we have learned in the last two months. In fact, we ended our last episode saying the response plan update is one of the most important things you should do. Like magic Erik Decker posts on LinkedIn this week that the HIC group has finished a new guide specifically about crisis response. More info at HelpMeWithHIPAA.com/257

We always know when serious stuff has happened behind the scenes and OCR got involved. Some major violations of privacy rights must have happened when we see the OCR notice reminding everyone that you can not share patient information with the media without authorization. More info at HelpMeWithHIPAA.com/256

We mentioned in the last episode that we would put together a checklist of sorts for what to do as everyone switches back to the old way of doing business or sets up under new remote models. While this isn’t exactly a copy and paste checklist it does give you food for thought as to what to consider for your own reboot checklist. More at HelpMeWithHIPAA.com/255

When can we stop talking about ransomware? Apparently, never. One of the things we can list as part of our “new normal” is new ways ransomware is going to be impacting us differently. Things are worse today than when we discussed ransomware just a couple of months ago. The pandemic has opened up so many ways for the criminals to attack they are having a field day. More at HelpMeWithHIPAA.com/254

Like it or not we have to face new realities on our threat lists as we figure out our new normal in the post COVID-19 landscape. The privacy and security risks have changed just like everything else during the crisis. Threat lists used for your SRA must be updated and addressed. You do not want to be hit with data breaches and privacy breaches just as you get things back up and running, do you? More at HelpMeWithHIPAA.com/253

Before things went all COVID on us this episode was planned out. It may be even more worthy of an episode now. Have you been evaluating your MSPs response to your current state of business? We knew there were some MSP issues in 2019 but now, in 2020, you must have a reliable trusted MSP partner more than ever. What kinds of things do you need to know about your tech needs, your MSP and where you both plan for the future? More at HelpMeWithHIPAA.com/252

So many scams and so little time to keep up with them.  Yes, that is what it feels like these days.  There are so many coronavirus scams we have to take some time to update you guys.  There have been cybercrime alerts and stupid people stories galore.  Here are the coronavirus scams and crimes we have on our radar this week.   More at HelpMeWithHIPAA.com/251

With the national crisis still in play, cybersecurity is essential to operating businesses which are now online more than ever before. Small businesses without any apps before are going online to survive. Telehealth, remote learning, telework are all standard right now.  With so much going on we are trying to keep our eye on cyber stories to prepare ourselves and our clients for what is happening out there. Today let’s discuss 3 cyber stories we are watching right now. More at HelpMeWithHIPAA.com/250

There is a lot of confusion along the way as there always will be in a crisis like this one. We are going to share some of the good information and do our best to clear up some of the misinformation. No matter what, though, it could all change in the two short weeks between when we record this and when we publish it for you guys. Our plan is to provide as much solid information that we know to be true and accurate today. More at HelpMeWithHIPAA.com/249

We are all doing our best to focus on what we can do during this national crisis.  It is certain that we will bounce back at some point and be able to get back to business.  When we do this national reboot, what kinds of things will we need to do? Spend time now planning for the coming business reboot.  More at HelpMeWithHIPAA.com/248

In Oct 2019 another document was released by the Health Sector Coordinating Council Joint Cybersecurity Working Group.  Health Industry Cybersecurity Supply Chain Risk Management Guide or HIC SCRiM for short is aimed at helping small and medium sized healthcare organizations manage their supply chain vendors. If you haven’t had a chance to check it out, we are reviewing it for you today.  If you do review it you will see why we think that HIC SCRiM should wake up vendors. More info at HelpMeWithHIPAA.com/247