Business Associate Due Diligence: Lessons Learned from AMCA

by Sarah Harvey / December 16, 2022

In most healthcare settings, third parties are relied upon to provide secure offerings to assist covered entities in providing quality, secure healthcare services.  Covered entities ultimately bear the responsibility of validating their third party security standards, however, covered entities often times still fall short in ensuring that business associates guard protected health information (PHI) against advancing cybersecurity threats. In one of the most recent cases, Quest Diagnostics, one of the…

5 Critical Things to Consider When Choosing Your Penetration Tester

by Sarah Harvey / December 16, 2022

Have you been asked by a client to undergo penetration testing? Do you want to ensure the security of your critical systems? Getting the most out of your investment in penetration testing means that you must perform your due diligence and make sure that the penetration tester you’ve hired can deliver quality, thorough penetration testing services. How can you do that? By taking the following five things into consideration when…

What is a HITRUST Interim Assessment?

by Sarah Harvey / June 14, 2023

If you’re new to the HITRUST CSF® assessment process, you might be wondering just how different the audit process is from other audits. The requirement of the interim assessment is one of the main ways that HITRUST® certification is unique. What happens during this interim review? Let’s take a look at what you can expect during a HITRUST interim assessment. Overview of the HITRUST CSF Assessment Process The HITRUST CSF…

3 Objectives of the COSO Framework and SOC 1

by Joseph Kirkpatrick / April 5, 2023

SOC 1 and the COSO Framework If you’re new to the SOC 1 audit process, you might be wondering what framework is used to evaluate the effectiveness of internal controls. This would be the Committee of Sponsoring Organizations of the Treadway Commission, or COSO Internal Control – Integrated Framework. This framework is one of the most common frameworks used to design, implement, maintain, and evaluate internal controls. It outlines three…

Breach Report 2019 – June

by Sarah Harvey / December 16, 2022

Regardless of the size or industry of organizations, every month there is headline after headline about new data breaches. Whether it’s a ransomware attack, a negligent employee opening a phishing email, or a state-sponsored attack, millions of individuals are impacted by data breaches and security incidents on a regular basis. Let’s take a look at some of the top data breaches that occurred during June and the lessons learned from…