The opinions expressed in this blog article are those of the author alone. In our previous blog, we discussed how pagers used in medical settings present an opportunity for threat actors to intercept valuable protected health information (PHI) and disrupt encryption and privacy. For malicious hackers, radio-based communications are a potential attack vector that organizations should…
Tag: compliance
Attention: OCR is Serious About HIPAA Security Rules Enforcement
Big or small, if you are a covered healthcare entity or business associate that handles protected health information (PHI) in any capacity, you should be aware that the U.S. Department of Health and Human Services Office for Civil Rights (OCR) is notably strengthening enforcement and sanctions related to the HIPAA Security and Privacy Rules. In…
Could Test Data Be a Liability Under the New GDPR Framework? [Guest Blog]
The GDPR (General Data Protection Regulation) is a recently ratified legal framework that introduces wide-ranging reforms of the use of personal data about EU citizens. Finalized on April 14, the reforms aim to give individuals control over use of their personal data. The GDPR supersedes the International Safe Harbor laws that most companies in the US have been operating…
Defining Cyber Due Diligence For Law Firms
What is cyber due diligence? It’s a phrase that is often associated with mergers and acquisitions (M&A), in particular when it comes to the risk assessment of an organization. Cyber due diligence is a necessary practice to determine the risk level of a company’s data security before an investment is made. It’s becoming just as critical…