Understanding the Hospital Cyber Resiliency Landscape Analysis

by Hannah Grace Holladay / March 12, 2024

The United States Healthcare and Public Health (HPH) sector is facing a dramatic increase in cyber-attacks that are disrupting patient care and safety. Hospitals are facing directly targeted ransomware attacks that aim to disrupt clinical operations. According to a new study (linked below) by the U.S. Department of Health and Human Services (HHS), 96% of small, medium, and large sized hospitals claim they are operating with end-of-life operating systems or…

Barbie vs. Oppenheimer: What Barbenheimer Can Teach Us about Risk Management

by Tori Thurmond / March 21, 2024

If you were paying any attention to pop culture last summer, chances are you caught wind of two of the biggest movies of the year being released on the same day last July. Greta Gerwig’s Barbie and Christopher Nolan’s Oppenheimer broke box-office records as movie-lovers flocked to the theaters to see what all of the commotion was about. Some even decided to see both films on the same day, a…

Notes from the Field: CIS Control 15 – Service Provider Management

by Greg Halpin / March 7, 2024

The client I was conducting a gap analysis for had an incredibly detailed Service Provider Management Policy. It required the company compliance team to conduct due diligence on all prospective service providers, including a risk analysis of each. The policy required the compliance team to review the prospective vendor's SOC 2 audit report and research the vendor's financial stability and reputation. The compliance team was to conduct annual reviews of…

SSAE 16 vs SSAE 18: Changes to SOC 1 Compliance Audits

by Hannah Grace Holladay / February 28, 2024

In April 2016, the American Institute of Certified Public Accountants (AICPA) made an important update to the attestation standards that will affect your next SOC 1 audit. Statement on Standards for Attestation Engagements (SSAE) No. 18, Attestation Standards: Clarification and Recodification provides changes to SOC 1 audits and how attestation engagements are categorized. Below, we explore the reason for this change and how the SSAE 18 affects you. What is…

5 Risk Management Best Practices for Organizational Management

by Tori Thurmond / February 27, 2024

Every day, we continuously evaluate risks and decide how to prevent them from adversely impacting us. We foresee the possibility of something happening to our car, hence we buy insurance. We know the statistics of home break-ins, so we set up an alarm system and replace the locks. We see the forecast for rain and bring an umbrella when we leave the house. Similarly, every business organization also has risks…