A new year is right around the corner. The good news is 2021 wasn’t as unpredictable as 2020, but 2022 could be tricky to navigate. It’s time for the review of our 2021 predictions and for us to set new ones for 2022. So, let’s get started.
More info at HelpMeWithHIPAA.com/336
Well, another year is coming to a close. No one will forget living through 2020. Then, 2021 said "Hold my beer." As with every year, there were ups and downs. Who knows what we will be in for in 2022. Regardless, we will continue to adjust.
Thanks to Bojan and our teams who help make this podcast a success. And special thanks to all our podcast listeners. We appreciate everyone’s continued support of our efforts to educate and entertain.
As we do at the end of each year, we let Bojan create a podcast of our bloopers and behind the scenes silliness. Enjoy his 2021 Blooper Show. It gives us a week off and gives him a chance to get back at us for the whole year of crap.
More data privacy and security madness coming your way next year! Happy Holidays and Happy New Year to you all!
OCR has released resolutions to five cases in its HIPAA Patient Right of Access Initiative. This brings the total cases to 25 since the initiative began. These cases continue to underscore the importance of this initiative.
More info at HelpMeWithHIPAA.com/335
SaaS continues to grow as a popular way to deploy business applications. It is crucial for businesses to understand what data they are storing in their SaaS cloud applications and how to protect it from data breaches. So, listen to us discuss securing your SaaS.
More info at HelpMeWithHIPAA.com/334
Protecting your company’s data is no longer optional. With so many changes in how people work today and where they are working from, keeping a low profile when it comes to protecting data won’t cut it anymore. Today, we review a recent report released by Shred-it, a secure information destruction company, called Data Protection Report 2021.
More info at HelpMeWithHIPAA.com/333
For the Thanksgiving episode this year, we talk to the Kardon Team about the recent social engineering attack; a follow up from our Halloween episode, We Are Under Attack - Ep 328. We find out what they experienced and how they felt during and after the attack. And, because it’s Thanksgiving, we each share what we are thankful for in 2021.
More info at HelpMeWithHIPAA.com/332
Use of legacy software and devices plague healthcare. OCR’s recent newsletter focuses on why legacy systems are still used in healthcare organizations and provides guidance on ways to manage the risks of these systems.
More info at HelpMeWithHIPAA.com/331
The HITECH Act added that state attorney generals can take on cases on behalf of their constituents under HIPAA. We haven’t seen that many cases from the states thus far, but that may be changing. Today we discuss a recent New Jersey case regarding fraud, deceit, misrepresentation and professional misconduct. This is an eye opening state level case that everyone should pay attention to.
More info at HelpMeWithHIPAA.com/330
Insider threats are dangerous for any organization, not just healthcare. As a result, healthcare organizations need to be extra vigilant when it comes to protecting patient data. Today, we talk with Ray Ribble, CEO of SPHER, to hear some stories about why it’s important to review EHR logs and how his company can help you identify potential insider threats.
More info at HelpMeWithHIPAA.com/329
It’s time for our annual Halloween episode! This year we will tell you a scary, true story of how our two companies were actively targeted and attacked by a cybercriminal. Hear what happened and how our teams reacted to the cyber attack.
More info at HelpMeWithHIPAA.com/328
In today’s episode, we talk with Josh Corman, Chief Strategist Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security. We will learn about CISA and what information and freely available services they provide to help healthcare businesses and other organizations within the nation’s 16 critical infrastructure sectors from cyber attacks.
More info at HelpMeWithHIPAA.com/327
Email is a great tool for communication. It is quick, simple, and it has the potential to reach so many people in so little time. But, it can also be an easy way for hackers to get their hands on your personal information if you're not being careful. Phishing scams are one of the most popular ways that hackers use email as a tool to steal your information and cause data breaches. Email is evil!
More info at HelpMeWithHIPAA.com/326
IT and cybersecurity services are not the same. If you are in the market to purchase managed services or security services from an IT firm, you’ll want to listen to this podcast to understand how they are different, why they are different and why you need to understand those differences to better protect your organization from cyber attacks.
More info at HelpMeWithHIPAA.com/325
In a world where people are more dependent on technology but lack the expertise to manage their own networks and systems effectively and efficiently, they turn to Managed Service Providers (MSPs). CISA has released a guide, Risk Considerations For Managed Service Provider Customers, that outlines risk considerations organizations need to consider when they partner with a MSP. We will cover this in today’s episode and we are making a big announcement that you’ll want to hear.
More info at HelpMeWithHIPAA.com/324
There are many challenges that come with preparing for and responding to a ransomware attack. Ransomware gangs are constantly changing their tactics in order to get to your organization's data. Therefore, as the ransomware landscape continues to evolve, so too must the preparations and responses of businesses.
More info at HelpMeWithHIPAA.com/323
You know how we love to pass along guides and resources that can help you improve your organization's privacy and security programs. Today, we are going to review a recent resource guide put out by HHS’ ASPR TRACIE office called Healthcare System Cybersecurity - Readiness and Response Considerations. This guide is packed with very helpful tips, best practices, and resources surrounding cybersecurity and responding to cyber incidents. And it’s FREE!
More info at HelpMeWithHIPAA.com/322
Social media is full of people who speak “confidently” about topics that they simply do not fully understand. HIPAA is one of those topics. Today, we are covering 7 HIPAA facts that we hope will set the record straight about frequently misunderstood HIPAA topics.
More at HelpMeWithHIPAA.com/321
Learn 'tricks of the trade' from a real social engineering tester. We interview William Price of Cyberx.tech to learn how they are able to successfully penetrate a company's defenses and get access to their most critical information. How likely would your organization be vulnerable to these same methods?
More info at HelpMeWithHIPAA.com/320
Have you ever heard tech folks refer to a computer problem as an ID10T error? You probably thought it was some highly technical term geeks use. Well, it’s not and today we are going to talk about a couple posts and articles where folks’ are flying their ID10T flag high and proud. And hopefully try to prevent you from making an ID10T error.
More info at HelpMeWithHIPAA.com/319
It’s that time of year again. Time to start preparing for National Cybersecurity Awareness Month coming up in October. Do Your Part. #BeCyberSmart is the theme again this year. Be a Cybersecurity Awareness Month Champion for your business, your community and your family.
More info at HelpMeWithHIPAA.com/318
Managing your vendors, or your supply chain, has become increasingly more important these days. As we’ve seen in the news just in the last several months, data and system breaches can come as a result of the vendors you work with. So, we felt like it was time to revisit this topic by reviewing the recent update to the HIC SCRiM guide that includes 6 steps for vendor management.
More info at HelpMeWithHIPAA.com/317
Every year we cover the most recent report released on the cost of a data breach. No surprise from this year’s report that the cost continues to rise. And healthcare breaches cost the most across all industries. Listen in as we go through IBM’s Cost of Data Breach Report 2021.
More info at HelpMeWithHIPAA.com/316
There’s a new data breach notification bill in Congress that will affect the business community as a whole, not just healthcare. It will create a new data breach disclosure requirement for federal agencies, federal contractors and critical infrastructure companies. It’s time to let folks know when breaches happen. We can’t protect ourselves from things we don’t know about.
More info at HelpMeWithHIPAA.com/315
There is so much happening in the cyber world today that we couldn’t decide on just one topic to cover in this episode. So, we will be jumping around and covering a lot of different cyber topics, hence the title of the podcast, Cyber Sqwerl. So, listen fast folks… we’ve got a lot to cover.
More info at HelpMeWithHIPAA.com/314
Summertime, holidays and long weekends, where many of us are taking time off, are prime times for cyber attacks. The bad guys are counting on people being in a hurry and letting their guard down so it’ll make it easier to suck you into their attack. July 4th 2021 was no different. An MSP was attacked by cyber criminals. Although this is still an active incident, we will cover what we know in today’s podcast.
More info at HelpMeWithHIPAA.com/313
Offshore services are a popular option for many businesses. The ability to work around the clock from different sides of the planet is one thing but the cost savings are the primary driving force for this solution. When it comes to HIPAA Business Associates, though, there are a lot of variables that must be considered when deciding whether to offshore or not.
More at HelpMeWithHIPAA.com/312
Securing your business is not always the easiest thing to do nor the cheapest. Today we will review a Cisco study on small and medium sized businesses and their security best bets. In other words, the things that you can do that will help you to most likely attain success and get you the most bang for your buck.
More info at HelpMeWithHIPAA.com/311
The Department of Labor (DOL) Employee Benefits Security Administration (EBSA) issued its very first cybersecurity guidance in April 2021and they sound remarkably like all the things that we recommend doing under HIPAA, HICP and the NIST cybersecurity framework. Let’s check it out!
More info at HelpMeWithHIPAA.com/310
They say ignorance is bliss. Ignorance can also leave you vulnerable to cyber attacks and patient safety issues. As we see news about cyber attacks coming from everywhere, you might ask “Is it really that bad?” Yes, yes it is. And it continues to get worse.
More info at HelpMeWithHIPAA.com/309
Privacy and security should be a part of all organizations day-to-day activity and company culture. But how do you know how mature your privacy and security program really is? By using one of the many maturity models. Today, we are discussing the new DoD Cybersecurity Maturity Model Certification (CMMC) that breaks controls into levels so you can see what implementation level or maturity level your program is at any given moment.
More info at HelpMeWithHIPAA.com/308
It’s been a while since we’ve reviewed an OCR settlement that wasn’t about the patient right of access initiative. Things are a changin', and in more ways than one. OCR announced the Peachstate settlement just this week that got our attention. How this case ended up being investigated in the first place is interesting. And as usual, the headline doesn’t tell the whole story. So, let’s dive in and check it out.
More info at HelpMeWithHIPAA.com/307
One of the biggest security problems on the Internet is a ransomware attack. Ransomware can impact all our lives. Just take the Scripps Health and Colonial Pipeline ransomware attacks that we discussed in recent podcast episodes. Last week we gave you 6 tips for planning for a ransomware attack. And today we are going to discuss 6 points from the recently released cybersecurity Executive Order.
More info at HelpMeWithHIPAA.com/306
Ransomware is just not going away. Falling victim to a ransomware attack will have a BIG impact on you, your business, your clients and your patients. So, today we share some ransomware planning tips. It’s important to know what things you should be doing and should at least consider so that you don’t get caught with your proverbial “pants down.”
More info at HelpMeWithHIPAA.com/305
We’ve talked about how damaging a ransomware attack can be in healthcare, not only for the practice or health facility but also for patients and the integrity and availability of their data. Today, we discuss an active ransomware attack affecting a health system that is not just making the local news, but also is blowing up on social media and creating a number of privacy concerns. The implications for their patients is terrifying.
More info at HelpMeWithHIPAA.com/304
We’ve all seen the websites of companies that claim to have a “HIPAA compliant” app, product or service. But does that really mean anything? The short answer is NO! There is no such thing. Today, we answer a listener question about products and services with these types of claims. And, as you can imagine, we have a lot to say about this topic.
More info at HelpMeWithHIPAA.com/303
We talk about patching pretty frequently on the podcast, but there is still a misconception that your IT or MSP team is patching everything. Systems are not designed to patch all hardware and software all of the time. There is a level of responsibility that falls on us to understand what is being patched by IT, what isn’t and what we do about those unpatched applications.
More info at HelpMeWithHIPAA.com/302
Basic Cyber Hygiene is a fairly new term, but I realized we have mentioned it several times over the last few weeks. What do we really intend people to see when we talk about it? That may be helpful if we think it would solve most of our cyber attack problems, huh.
More info at HelpMeWithHIPAA.com/301
Hard to believe that this is our official 300th episode! We are still a tiny podcast in a huge sea but we are pretty sure you can not find a longer running podcast about HIPAA Privacy and Security. To celebrate we have some very special guests, Dave Bittner and Ben Yellen from the CyberWire Caveat podcast. They are joining us for a discussion about where we all see things going in the future for data privacy laws and cybersecurity protections.
More info at HelpMeWithHIPAA.com/300
Each year the National HIPAA Summit 2021 is a regular event for us. It was held last year just before the shutdown. The event this year was loaded with discussions about what had happened in the previous 12 months and the massive list of things happening in the next 12 months. That is A LOT of HIPAA! Today we cover part 2 of news of note from the conference.
More at HelpMeWithHIPAA.com/299
If you are a regular listener of the podcast, you know how Donna loves to “HIPAA-geek out” over the HIPAA Summit each year. Things are no different this year as the virtual conference stretched 3 full days and another half day. Needless to say Donna got TONS of information to share - so much so we won’t be able to fit it all in this one podcast. So, let’s get to Part 1 of the HIPAA Summit 2021.
More info at HelpMeWithHIPAA.com/298
Cyber attacks keep on coming and there is no expectation that they’ll ever stop. Attacks are coming from everywhere - vulnerabilities in software applications, insecure IoT devices connected on the internet, email attacks and phishing, etc. Protecting your systems from cyber attacks is not a “one and done,” “set it and forget it” project. It is a critical and continuous business process that every organization must address. And, surprise surprise, it also requires vetting your vendors as many attacks are coming through your supply chain.
More info at HelpMeWithHIPAA.com/297
Reports are coming out evaluating cyber threats with stats and details documenting the aftermath of attacks happening in 2020 and the outlook for 2021. Let’s just say they are all on brand with what you expect from anything related to 2020. As you can guess, it isn’t looking good for 2021 based on where we are right now. We reviewed some of the articles and reports evaluating cyber threats so you don’t have to... unless you must.
More at HelpMeWithHIPAA.com/296
Isn’t it always the little things that make a big difference? That’s true not only in life, but also when it comes to protecting your data and network from attacks. And, it is often the small things that when overlooked can become a big problem. So, today we are talking about some of the things that you need to be looking for and that can make a big difference in your privacy and security programs.
For more info HelpMeWithHIPAA.com/295
Supply chain cyber threats are happening so often it seems like they keep showing up in the news daily. The list of cases keeps growing every month. So much is still slowly being learned about the SolarWinds attack it is getting hard to keep up with how far it goes. Now we have water systems and more healthcare breaches trickling in. This week I even saw a case we covered before about exposed PACS images. It’s time for us to talk about what these supply chain attacks mean to the rest of us.
For more info HelpMeWithHIPAA.com/297
Supply chain cyber threats are happening so often they keep showing up in the news. The list keeps growing every month. So much is still slowly being learned about the SolarWinds attack it is getting hard to keep up. Now we have water systems and more healthcare breaches trickling in. It’s time for us to talk about what these supply chain attacks mean to the rest of us.
More at HelpMeWithHIPAA.com/293
Smart cyber habits are part of a new initiative introduced by CISA they have titled Reduce the Risk of Ransomware Awareness Campaign that will be running for a new month now. The campaign includes a lot of great educational information and a toolkit among other things they have planned. Certainly worth us sharing with you guys because you can’t have too many chances to find something that will connect with leadership or your workforce.
More at HelpMeWithHIPAA.com/292
HHS's Office for Civil Rights published their proposed changes to the HIPAA Privacy Rule. The changes include some required to make HIPAA better align with the requirements of 21st Century Cures Act for patient access to their records. There's a few other changes to note, as well. Let's check them out, shall we?
More into at HelpMeWithHIPAA.com/291
During NCSAM Kardon signed up for the Terranova Phishing Tournament - much to everyone’s surprise. Great news is we didn’t have anyone clicking on the link. What did they learn in the tournament?
More at HelpMeWithHIPAA.com/290
The OCR enforcement announcements keep coming. Our reviews of not only the new announcements but news on some of the older ones are the topic for today. Did you know one from 2018 is still being reviewed in the courts while we get new ones already in 2021?
More at HelpMeWithHIPAA.com/289
Always great to talk cybersecurity insurance coverage with John Miller of Sterling Seacrest Partners. Threats are constantly evolving for all of us. That means cyber liability coverage must also evolve.
Have you evaluated what your cyber policy will really cover when you are attacked? There are certainly several areas John brings up for us all to consider in our cybersecurity policies.
More info at HelpMeWithHIPAA.com/288
Making annual predictions is always a little bit guessing and a lot of luck by the end of the year. No way any of us could have predicted where we would go throughout the year we just call 2020. Only history will tell us will give us the distance to understand the last 12 months. Who knows where we will go next but what the umm heck. We figured we would do it again.
More info at HelpMeWithHIPAA.com/287
A new HIPAA safe harbor rule is out there floating around now. A safe harbor is a legal term that refers to laws and regulations that specify that certain actions will be considered not to violate a given rule. It is often used to clarify big standards like HIPAA. Encryption is one of those things under the breach rules. Do you know about HR 7898?
More at HelpMeWithHIPAA/286
