Help Me With Hipaa

OCR recently announced the resolution of 12 investigations. Eleven were for patient right of access violations and one was a big dollar settlement of a security incident at Oklahoma State University Center for Health Services. Lots to cover and learn in this episode. So, pay attention, folks. More info at HelpMeWithHIPAA.com/366

Today’s podcast episode is all about why we worry about supply chain issues, why we keep talking about the HiC SCRiM guidance, and why the first day of the PriSec Boot Camp is supply chain risk management. We’ll review several supply chain breaches, one where there were 660 providers hit at once. As you probably have guessed, these breaches involved ransomware attacks. More info at HelpMeWithHIPAA.com/365

It can be a stressful time when you are adding a new vendor or switching vendors for your critical services.  This is the time to create a plan and do a risk analysis to make sure everything gets transitioned and set up properly. Things can go wrong if there’s no plan in place. Today, we review some tips to help you prepare for a vendor transition. More info at HelpMeWithHIPAA.com/364

When you're shopping for cybersecurity insurance, the applications can be intense. You'll need to provide a lot of details about your current security protections, and you may be asked to complete a security audit. This is because insurance companies want to be sure that they're not insuring businesses that aren't doing everything they can to protect themselves from cyber attacks. This episode we discuss what questions you may encounter on your cyber insurance applications.

Ransomware tactics are constantly changing. Understanding the protections we use today will not be enough down the road is key. We must constantly adjust and adapt our security protections to protect against these attacks. Today, we are going to discuss ransomware stats and key points from two recent reports that can help you create a response plan for ransomware attacks. More info at HelpMeWithHIPAA.com/362

We use passwords for everything. Creating a unique, secure password for every website and application is hard to remember, right? So, why hasn’t someone figured out how to get rid of passwords? Well, today we are going to talk about the FIDO password killer solution. More info at HelpMeWithHIPAA.com/361

How many of us know what we don’t know, or at least, willing to admit we don't know what we don't know? Today, we are going to find out as we cover a few potential data breach scenarios and ask “what would you do - report it or not?”  More info at HelpMeWithHIPAA.com/360

Today, we are going to give you our six takeaways from the 15th annual Verizon Data Breach Investigation Report. We like these reports because they give us an indication of what's going on in the cyber world, what we need to be looking for and looking out for. More info at HelpMeWithHIPAA.com/359

We get this question all of the time:  How do they get in?  How do the bad guys get in and attack my network? Seems like a simple question, right?  Well there’s not always a clear cut answer.  The first thing you need to understand is that cybersecurity isn't a problem you solve. It's a chronic condition that you have to manage.  More info at HelpMeWithHIPAA.com/358

Recently, a Cybersecurity Advisory was released worldwide to MSPs and their customers. We will take a look into what this guidance is, how it applies, and what needs to be done about it.  This is BIG and we all better be paying attention. More info at HelpMeWithHIPAA.com/357

Everybody get on board because data security laws keep getting signed in states each year. The new Maryland and Kentucky data security laws are designed to help protect insurance companies from cyber attacks by implementing cybersecurity standards, developing, implementing, and maintaining a written information security program. Their service providers are also required to implement such programs which include a requirement to report cyber security incidents within 3 days of discovery. For more details go to HelpMeWithHIPAA.com/356

Incident response planning is important to every business. You don’t want to figure out how to manage the business and respond to an incident on the fly.  These plans should be reviewed and updated regularly. Today we review a brand new guide from the Healthcare & Public Health Sector Coordinating Council on Operational Continuity - Cyber Incident. More info at HelpMeWithHIPAA.com/355

Over the last couple years, we’ve had some high-profile cybersecurity compromises and data breaches. And this trend is not slowing down. Today, we review a recent study of the top cyber threats to healthcare organizations. The results reinforce that PriSec teams require everyone to participate. More info at HelpMeWithHIPAA.com/354

Recently, we’ve had a couple things come up which involved tricky places that HIPAA has applied that most people might not think of. So, we thought we'd throw them out there and have a little bit of fun discussing them. More info at HelpMeWithHIPAA.com/353

Cybercrime is a booming business. In 2021, the US experienced an unprecedented increase in cyber attacks with criminals making $6.9 billion online. In today’s podcast, we review the FBI’s Internet Crime Report for 2021. More info at HelpMeWithHIPAA.com/352

It is crucial for every business to understand the security practices of their vendors. And also to make sure that those vendors are vetting their vendors.  A cyber attack at a link in your supply chain can drastically affect your business. Evidence: the Okta breach. More info at HelpMeWithHIPAA.com/351

Have you heard the one about three dentists and a psychiatrist walk into... an OCR investigation? OCR has announced their first set of enforcement actions of 2022, and just in time for our 350th episode.  These involve patient right of access and improper disclosure violations. More info at HelpMeWithHIPAA.com/350

Donna made many notes from the HIPAA Summit. Today, she and David will share six of her top picks, including the difference between an incident and a breach, how a “check the box compliance program” is not a privacy and security program, importance of understanding what your vendor’s incident response plans are and more. More info at HelpMeWithHIPAA.com/349

If you are a regular listener of the podcast, you know how Donna loves to “HIPAA-geek out” over the National HIPAA Summit each year. This year’s National HIPAA Summit did not disappoint. Today, we discuss a few points made concerning enforcement of HIPAA related cases by three arms of the federal government. More info at HelpMeWithHIPAA.com/348

Cyber threats are a growing risk that is becoming increasingly difficult to avoid. Small and medium businesses are not immune to these cyber threats. They are a growing business risk. The first step in preventing cyber threats is awareness.  More info at HelpMeWithHIPAA.com/347