Help Me With HIPAA

An updated version of the security rule guide that we've all been waiting for! NIST has developed a cybersecurity resource guide on implementing the HIPAA Security Rule. It provides key activities, descriptions and sample questions to help covered entities and business associates comply with the HIPAA Security Rule. This guide has tons of good information in it. So, listen in as we discuss some of the cool stuff we picked out. More info at HelpMeWithHIPAA.com/367

OCR recently announced the resolution of 12 investigations. Eleven were for patient right of access violations and one was a big dollar settlement of a security incident at Oklahoma State University Center for Health Services. Lots to cover and learn in this episode. So, pay attention, folks. More info at HelpMeWithHIPAA.com/366

Today's podcast episode is all about why we worry about supply chain issues, why we keep talking about the HiC SCRiM guidance, and why the first day of the PriSec Boot Camp is supply chain risk management. We'll review several supply chain breaches, one where there were 660 providers hit at once. As you probably have guessed, these breaches involved ransomware attacks. More info at HelpMeWithHIPAA.com/365

It can be a stressful time when you are adding a new vendor or switching vendors for your critical services. This is the time to create a plan and do a risk analysis to make sure everything gets transitioned and set up properly. Things can go wrong if there's no plan in place. Today, we review some tips to help you prepare for a vendor transition. More info at HelpMeWithHIPAA.com/364

When you're shopping for cybersecurity insurance, the applications can be intense. You'll need to provide a lot of details about your current security protections, and you may be asked to complete a security audit. This is because insurance companies want to be sure that they're not insuring businesses that aren't doing everything they can to protect themselves from cyber attacks. This episode we discuss what questions you may encounter on your cyber insurance applications.

Ransomware tactics are constantly changing. Understanding the protections we use today will not be enough down the road is key. We must constantly adjust and adapt our security protections to protect against these attacks. Today, we are going to discuss ransomware stats and key points from two recent reports that can help you create a response plan for ransomware attacks. More info at HelpMeWithHIPAA.com/362

We use passwords for everything. Creating a unique, secure password for every website and application is hard to remember, right? So, why hasn't someone figured out how to get rid of passwords? Well, today we are going to talk about the FIDO password killer solution. More info at HelpMeWithHIPAA.com/361

How many of us know what we don't know, or at least, willing to admit we don't know what we don't know? Today, we are going to find out as we cover a few potential data breach scenarios and ask "what would you do - report it or not?" More info at HelpMeWithHIPAA.com/360

Today, we are going to give you our six takeaways from the 15th annual Verizon Data Breach Investigation Report. We like these reports because they give us an indication of what's going on in the cyber world, what we need to be looking for and looking out for. More info at HelpMeWithHIPAA.com/359

We get this question all of the time: How do they get in? How do the bad guys get in and attack my network? Seems like a simple question, right? Well there's not always a clear cut answer. The first thing you need to understand is that cybersecurity isn't a problem you solve. It's a chronic condition that you have to manage. More info at HelpMeWithHIPAA.com/358

Recently, a Cybersecurity Advisory was released worldwide to MSPs and their customers. We will take a look into what this guidance is, how it applies, and what needs to be done about it. This is BIG and we all better be paying attention. More info at HelpMeWithHIPAA.com/357

Everybody get on board because data security laws keep getting signed in states each year. The new Maryland and Kentucky data security laws are designed to help protect insurance companies from cyber attacks by implementing cybersecurity standards, developing, implementing, and maintaining a written information security program. Their service providers are also required to implement such programs which include a requirement to report cyber security incidents within 3 days of discovery. For more details go to HelpMeWithHIPAA.com/356

Incident response planning is important to every business. You don't want to figure out how to manage the business and respond to an incident on the fly. These plans should be reviewed and updated regularly. Today we review a brand new guide from the Healthcare & Public Health Sector Coordinating Council on Operational Continuity - Cyber Incident. More info at HelpMeWithHIPAA.com/355

Over the last couple years, we've had some high-profile cybersecurity compromises and data breaches. And this trend is not slowing down. Today, we review a recent study of the top cyber threats to healthcare organizations. The results reinforce that PriSec teams require everyone to participate. More info at HelpMeWithHIPAA.com/354

Recently, we've had a couple things come up which involved tricky places that HIPAA has applied that most people might not think of. So, we thought we'd throw them out there and have a little bit of fun discussing them. More info at HelpMeWithHIPAA.com/353

Cybercrime is a booming business. In 2021, the US experienced an unprecedented increase in cyber attacks with criminals making $6.9 billion online. In today's podcast, we review the FBI's Internet Crime Report for 2021. More info at HelpMeWithHIPAA.com/352

It is crucial for every business to understand the security practices of their vendors. And also to make sure that those vendors are vetting their vendors. A cyber attack at a link in your supply chain can drastically affect your business. Evidence: the Okta breach. More info at HelpMeWithHIPAA.com/351

Have you heard the one about three dentists and a psychiatrist walk into... an OCR investigation? OCR has announced their first set of enforcement actions of 2022, and just in time for our 350th episode. These involve patient right of access and improper disclosure violations. More info at HelpMeWithHIPAA.com/350

Donna made many notes from the HIPAA Summit. Today, she and David will share six of her top picks, including the difference between an incident and a breach, how a "check the box compliance program" is not a privacy and security program, importance of understanding what your vendor's incident response plans are and more. More info at HelpMeWithHIPAA.com/349

If you are a regular listener of the podcast, you know how Donna loves to "HIPAA-geek out" over the National HIPAA Summit each year. This year's National HIPAA Summit did not disappoint. Today, we discuss a few points made concerning enforcement of HIPAA related cases by three arms of the federal government. More info at HelpMeWithHIPAA.com/348

Cyber threats are a growing risk that is becoming increasingly difficult to avoid. Small and medium businesses are not immune to these cyber threats. They are a growing business risk. The first step in preventing cyber threats is awareness. More info at HelpMeWithHIPAA.com/347

Security events can have a significant impact on your business. It's important to understand the magnitude of what's going on and what the risks are. Having a plan in place to deal with privacy and security events can make it better, but not having one can make it worse. More info at HelpMeWithHIPAA.com/346

The harsh realities of cybersecurity are not always easy to hear, but they are the one thing that we cannot compromise on as they can have a huge impact on our lives. We must remain cyber aware and be vigilant in order to combat cyber threats. More info at HelpMeWithHIPAA.com/345

Kardon, Help Me With HIPAA and HIPAA for MSPs is hosting the first PriSec Boot Camp in Louisville, KY on Sep 12, 13, 14 and 15. This ain't yo Momma's privacy and security. It is a one of a kind event designed for those who need to understand and manage a privacy and security program. Listen to today's podcast to learn all about it. More info at HelpMeWithHIPAA.com/344

Encryption can give you a false sense of security. Just because your device or your data is encrypted doesn't mean it is secure. You have to understand how encryption works in order to understand how it doesn't work. More info at HelpMeWithHIPAA.com/343

Securing your website is often overlooked in planning discussions and business risk management decisions. Building a website is pretty easy these days, but keep in mind users expect to have a safe online experience too. Just like with social media sites, a lot can go wrong with a forgotten website. More info at HelpMeWithHIPAA.com/342

More and more SMBs are turning to MSPs to help secure their networks, protect their assets from cyber attacks and meet compliance obligations. MSPs are looking to add new services to meet the SMB market demand. Today, we review a few of our observations for SMBs and MSPs from a recent report on the focus for small businesses in the next few years. More info at HelpMeWithHIPAA.com/341

Honeypots are an important tool in the cybersecurity arsenal. They can be used to observe how attackers work and what their activities, intentions and strategies are. This information can help organizations better understand and defend against cyber attacks. More info at HelpMeWithHIPAA.com/340

Social media has become a very important part of our lives. It is the easiest way to connect with friends, family and even promote your business. If not secured properly, it can also be an easy way for someone to hack into your account and become "you" or be the spokesperson for your business. More info at HelpMeWithHIPAA.com/339

A proper incident response plan is one that details your response to a data breach, cyber attack or other event. Without a proper plan, things can go horribly awry. In this episode, we discuss the steps to properly respond to a security incident and then give you seven ways you can completely screw it up. More info at HelpMeWithHIPAA.com/338

The unknown is the most dangerous. It's a saying that should be taken into account when protecting your most valuable asset - your data. Today we talk about why creating an asset inventory of your hardware, software and data is an important first step to being able to protect it. More info at HelpMeWithHIPAA.com/337

A new year is right around the corner. The good news is 2021 wasn't as unpredictable as 2020, but 2022 could be tricky to navigate. It's time for the review of our 2021 predictions and for us to set new ones for 2022. So, let's get started. More info at HelpMeWithHIPAA.com/336

Well, another year is coming to a close. No one will forget living through 2020. Then, 2021 said "Hold my beer." As with every year, there were ups and downs. Who knows what we will be in for in 2022. Regardless, we will continue to adjust. Thanks to Bojan and our teams who help make this podcast a success. And special thanks to all our podcast listeners. We appreciate everyone's continued support of our efforts to educate and entertain. As we do at the end of each year, we let Bojan create a podcast of our bloopers and behind the scenes silliness. Enjoy his 2021 Blooper Show. It gives us a week off and gives him a chance to get back at us for the whole year of crap. More data privacy and security madness coming your way next year! Happy Holidays and Happy New Year to you all!

OCR has released resolutions to five cases in its HIPAA Patient Right of Access Initiative. This brings the total cases to 25 since the initiative began. These cases continue to underscore the importance of this initiative. More info at HelpMeWithHIPAA.com/335

SaaS continues to grow as a popular way to deploy business applications. It is crucial for businesses to understand what data they are storing in their SaaS cloud applications and how to protect it from data breaches. So, listen to us discuss securing your SaaS. More info at HelpMeWithHIPAA.com/334

Protecting your company's data is no longer optional. With so many changes in how people work today and where they are working from, keeping a low profile when it comes to protecting data won't cut it anymore. Today, we review a recent report released by Shred-it, a secure information destruction company, called Data Protection Report 2021. More info at HelpMeWithHIPAA.com/333

For the Thanksgiving episode this year, we talk to the Kardon Team about the recent social engineering attack; a follow up from our Halloween episode, We Are Under Attack - Ep 328. We find out what they experienced and how they felt during and after the attack. And, because it's Thanksgiving, we each share what we are thankful for in 2021. More info at HelpMeWithHIPAA.com/332

Use of legacy software and devices plague healthcare. OCR's recent newsletter focuses on why legacy systems are still used in healthcare organizations and provides guidance on ways to manage the risks of these systems. More info at HelpMeWithHIPAA.com/331

The HITECH Act added that state attorney generals can take on cases on behalf of their constituents under HIPAA. We haven't seen that many cases from the states thus far, but that may be changing. Today we discuss a recent New Jersey case regarding fraud, deceit, misrepresentation and professional misconduct. This is an eye opening state level case that everyone should pay attention to. More info at HelpMeWithHIPAA.com/330

Insider threats are dangerous for any organization, not just healthcare. As a result, healthcare organizations need to be extra vigilant when it comes to protecting patient data. Today, we talk with Ray Ribble, CEO of SPHER, to hear some stories about why it's important to review EHR logs and how his company can help you identify potential insider threats. More info at HelpMeWithHIPAA.com/329

It's time for our annual Halloween episode! This year we will tell you a scary, true story of how our two companies were actively targeted and attacked by a cybercriminal. Hear what happened and how our teams reacted to the cyber attack. More info at HelpMeWithHIPAA.com/328

In today's episode, we talk with Josh Corman, Chief Strategist Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security. We will learn about CISA and what information and freely available services they provide to help healthcare businesses and other organizations within the nation's 16 critical infrastructure sectors from cyber attacks. More info at HelpMeWithHIPAA.com/327

Email is a great tool for communication. It is quick, simple, and it has the potential to reach so many people in so little time. But, it can also be an easy way for hackers to get their hands on your personal information if you're not being careful. Phishing scams are one of the most popular ways that hackers use email as a tool to steal your information and cause data breaches. Email is evil! More info at HelpMeWithHIPAA.com/326

IT and cybersecurity services are not the same. If you are in the market to purchase managed services or security services from an IT firm, you'll want to listen to this podcast to understand how they are different, why they are different and why you need to understand those differences to better protect your organization from cyber attacks. More info at HelpMeWithHIPAA.com/325

In a world where people are more dependent on technology but lack the expertise to manage their own networks and systems effectively and efficiently, they turn to Managed Service Providers (MSPs). CISA has released a guide, Risk Considerations For Managed Service Provider Customers, that outlines risk considerations organizations need to consider when they partner with a MSP. We will cover this in today's episode and we are making a big announcement that you'll want to hear. More info at HelpMeWithHIPAA.com/324

There are many challenges that come with preparing for and responding to a ransomware attack. Ransomware gangs are constantly changing their tactics in order to get to your organization's data. Therefore, as the ransomware landscape continues to evolve, so too must the preparations and responses of businesses. More info at HelpMeWithHIPAA.com/323

You know how we love to pass along guides and resources that can help you improve your organization's privacy and security programs. Today, we are going to review a recent resource guide put out by HHS' ASPR TRACIE office called Healthcare System Cybersecurity - Readiness and Response Considerations. This guide is packed with very helpful tips, best practices, and resources surrounding cybersecurity and responding to cyber incidents. And it's FREE! More info at HelpMeWithHIPAA.com/322

Social media is full of people who speak "confidently" about topics that they simply do not fully understand. HIPAA is one of those topics. Today, we are covering 7 HIPAA facts that we hope will set the record straight about frequently misunderstood HIPAA topics. More at HelpMeWithHIPAA.com/321

Learn 'tricks of the trade' from a real social engineering tester. We interview William Price of Cyberx.tech to learn how they are able to successfully penetrate a company's defenses and get access to their most critical information. How likely would your organization be vulnerable to these same methods? More info at HelpMeWithHIPAA.com/320

Have you ever heard tech folks refer to a computer problem as an ID10T error? You probably thought it was some highly technical term geeks use. Well, it's not and today we are going to talk about a couple posts and articles where folks' are flying their ID10T flag high and proud. And hopefully try to prevent you from making an ID10T error. More info at HelpMeWithHIPAA.com/319