How the 405(d) Program and Task Group is Helping Healthcare Security

Healthcare organizations continue to be prime targets for malicious actors. OCR data in a recent Health IT Security article showed more than 127 breaches reported so far in 2022 had impacted over 6 million individuals. In addition to increased threats, the healthcare industry has the highest cost per incident at $9.23 million, up $2 million […]

How Proposed 2021 HIPAA Changes Will Affect Your Healthcare IT

On January 21, 2021, an important development in cybersecurity news was released. The United States Department of Health and Human Services (HHS) and the Office for Civil Rights (OCR) issued a Notice of Proposed Rulemaking (NPRM) to modify the Standards for the Privacy of Individually Identifiable Health Information (Privacy Rule) under the Health Insurance Portability and Accountability Act […]

Recommendations on NIST Resource Guide

Fortified recently responded to an opportunity from NIST to comment on the utility of NIST Special Publication (SP) 800-66, Revision 1, commonly referred to as the Resource Guide. The Resource Guide and other industry standards are critical to the success of our clients to safeguard electronic protected health information (ePHI) and personally identifiable information (PII). […]

Is Electronic Protected Health Information (ePHI) Getting Outside Your Healthcare Organization?

Under HIPAA regulations, health information or data that can be used to identify an individual patient is categorized as protected health information (PHI) and must undergo a wide range of practices explicitly designed to protect patient confidentiality. Covered entities must implement processes and controls to ensure confidentiality, integrity, and availability of physical PHI and electronic […]

Benefits of Continuous HIPAA Analysis

The HIPAA Security Rule Administrative Safeguards includes requirements that covered entities “implement policies and procedures to prevent, detect, contain and correct security violations.” This standard requires both Risk Analysis and Risk Management. The Risk Analysis implementation specification requires covered entities to “conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the […]

6 Recommendations to Enhance Healthcare Cybersecurity

Cyber attacks are a regular occurrence throughout the healthcare industry. Unfortunately, not only are data and network security compromises common, they are also costly. A cyberattack can cost the organization $1.4 million in recovery expenses alone on average, including loss of productivity, service disruption, and irreparable reputation damage for medical providers. Cybercriminals often target the […]

6 Considerations for HIPAA Compliant Penetration Testing

Strategic and results-driven penetration testing (also known as pen testing) helps healthcare enterprises maintain the highest levels of network security across their entire organization. Often referred to as “ethical hacking,” a penetration test examines an organization’s digital enterprise vulnerabilities and assesses those vulnerabilities through the same methods that a real-world threat agent would. Pen testing […]

5 Things Healthcare Companies Miss When Preparing Audits

Audit. The mere mention of the word can instantly stir mild to moderate panic throughout even the most diligent healthcare IT department. For a myriad of reasons, most healthcare organizations dread the idea of conducting industry-mandated cybersecurity risk assessments. Compliance evaluations are time-consuming, disrupt normal business activities, and potentially expose network security risks and compromises. While […]

HIPAA Risk Analysis: 7 Key Considerations for Healthcare

The HIPAA Security Rule mandates that healthcare organizations must have the appropriate technical, administrative, and physical safeguards in place to protect the integrity, security, and confidentiality of electronically stored health data against a data breach or cyber attack. To remain compliant with HIPAA regulations, healthcare organizations must conduct an annual risk analysis. However, each year […]

What Does It Mean to Be HITRUST-Certified?

Healthcare providers across every specialty rely on high-performing technology to both treat and support their patients. Whether it’s integrating a cloud-based CRM to automate back office functioning such as appointment scheduling or billing, or incorporating the latest, state-of-the-art connected medical devices into a treatment protocol, innovation is at the very core of most healthcare organizations’ […]