Blog

Lessons Learned from 2016 HIPAA Phase 2 Audits

by Sarah Harvey / May 9, 2023

Now, with more than 200 Phase 2 HIPAA desk audits completed, Devin McGraw, Deputy Director of the Department of Health and Human Services’ Office for Civil Rights, is encouraging healthcare organizations to take a look at lessons learned from the completed desk audits to prepare for future HIPAA audit enforcement. Understanding and navigating HIPAA audit enforcement has been on the minds of healthcare professionals for several years. Many covered entities…

Ransomware Alert: Defend Yourself Against WannaCrypt

by Sarah Harvey / December 19, 2022

On Friday May 12th, 2017, a large ransomware attack was launched, known as WannaCrypt (a.k.a. WannaCry), which infected more than 230,000 computers across 150 countries, and counting. This unprecedented cyberattack has left organizations struggling in the aftermath as they try to recover. WannaCrypt demands payment of ransom in bitcoin and has spread in several ways; phishing emails and as a worm on unpatched computers. The attackers responsible for WannaCrypt used…

The HIPAA Risk Analysis

by Sarah Harvey / December 19, 2022

The HIPAA risk analysis is the starting point for any HIPAA audit, and the most important component for achieving and maintaining HIPAA compliance. If risk analysis is such a critical part of HIPAA compliance, why is it the number one finding by the Office for Civil Rights (OCR)? Unfortunately, this means that a lot of business associates and covered entities, who are required to comply with HIPAA laws, just aren’t…

The Rise of Ransomware: Best Practices for Preventing Ransomware

by Sarah Harvey / June 14, 2023

Ransomware is becoming a buzzword that is showing up in the headlines nearly every day. Some even refer to it as the “billion-dollar nightmare for businesses.” Malicious attackers using ransomware don’t tend to discriminate against the type of data they target, however, recent reports show that healthcare data is quickly becoming the most commonly affected data by ransomware attacks. Understanding how ransomware works and affects organizations can help entities to…

Compliance is Never Enough: Encryption & Key Management

by Sarah Harvey / November 27, 2023

Understanding a Key Management Program The purpose of this presentation is to give you a foundation of understanding encryption. This webinar will not delve into the math involved, but rather, you will learn about the different types of encryption, key management basics, algorithm uses, and encryption attacks. First, let’s define and discuss symmetric versus asymmetric encryption. Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both…

Lessons Learned from 2016 HIPAA Phase 2 Audits

Ransomware Alert: Defend Yourself Against WannaCrypt

The HIPAA Risk Analysis

The Rise of Ransomware: Best Practices for Preventing Ransomware

Compliance is Never Enough: Encryption & Key Management

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.