Thursday, December 28, 2023

New HHS Cyber Plan Announced - Ep 438


It’s no secret that healthcare is vulnerable to cybersecurity threats and patient privacy and safety are at risk. Good news! HHS recently announced a plan to enhance cybersecurity in the healthcare and public health sectors. Through various initiatives, including 405(d) and other HHS efforts, plans are starting to come together like pieces of a puzzle to help practices stay ahead in the ever-evolving landscape of cybersecurity. It's time to get informed and take action to protect your practice, business, and patients.

More info at HelpMeWithHIPAA.com/438


Check out the episode!

Thursday, December 21, 2023

2023 Holiday Blooper Show


It's that time of year again when we take some time off and let Bojan create a Help Me with HIPAA bloopers show of our mishaps and outtakes. Stick around to the end - we have a little surprise for you.

Thanks to Bojan for his skill in making us sound so good every week. 

Thanks to all our listeners who have been with us and share our podcast with others. We are here because of you.

As always, remember, HIPAA is not about compliance, it is about patient care.


Check out the episode!

Thursday, December 14, 2023

Decoding CISA's HPH Mitigation Guide - Ep 437


CISA has released a mitigation guide to combat the critical and complex cyber threats affecting the Healthcare and Public Health Sector. It provides best practices, essential strategies and insights for safeguarding our healthcare infrastructure against ever-evolving cyber threats. Join us as we navigate through this important document, breaking down its complexities and highlighting its significance in the ongoing battle against cyber threats in the healthcare sector.

More info at HelpMeWithHIPAA.com/437


Check out the episode!

Thursday, December 7, 2023

Multi-state Cyber Attack Diverts ER Ambulances - Ep 436


You know how we say that hackers love to launch attacks during the holidays because that’s when most folks are distracted and in a hurry to begin their time off? Well, guess what? There are already a few cyber attacks in the news just from this past Thanksgiving. Case in point: the recent ransomware attack that diverted ER ambulance services across multiple states.

More info at HelpMeWithHIPAA.com/436


Check out the episode!

Thursday, November 30, 2023

Breach Equals Class Action Lawsuits - Ep 435


A data breach can have significant and far-reaching consequences for both patients and businesses in the healthcare industry. Today, we delve into the impacts of a recent breach and discuss the evolving challenges of managing healthcare vendors with access to sensitive patient information. Plus, we weigh in on patient privacy concerns when it comes to the media.

More info at HelpMeWithHIPAA.com/435


Check out the episode!

Thursday, November 23, 2023

FBI Private Industry Notification - Ep 434


It is crucial to apply mitigation strategies to reduce the likelihood and impact of ransomware incidents due to the severe and far-reaching consequences these cyber threats can have on individuals, organizations, and society as a whole. The FBI recently published a notification highlighting emerging ransomware trends involving attacking the same victims multiple times. Listen in to hear what you can do to help reduce the likelihood of becoming a victim.

More info at HelpMeWithHIPAA.com/434


Check out the episode!

Thursday, November 16, 2023

CISO Security Maturity Report 2023 - Ep 433


Evaluating the security posture of organizations through the lens of culture, technology, risk, and people is crucial in today's complex digital landscape. Culture sets the tone for an organization's security mindset, influencing employee behavior and awareness.  Today, we review ClubCISO’s Information Security Maturity Report 2023 that evaluates the security posture according to CISOs across the globe.

More info at HelpMeWithHIPAA.com/433


Check out the episode!

Thursday, November 9, 2023

First OCR Ransomware Settlement - Ep 432


OCR just announced its first ransomware settlement, emphasizing the importance of proactive cybersecurity measures and the implications for business associates. Ransomware threats are increasingly common, are evolving rapidly, and continue to target the healthcare industry, which highlights how important it is for healthcare organizations and their business associates to prioritize cybersecurity.

More info at HelpMeWithHIPAA.com/432


Check out the episode!

Thursday, November 2, 2023

Top 10 Cybersecurity Misconfigurations - Ep 431


In our rapidly evolving digital environment, cybersecurity misconfigurations pose significant threats to organizations of all sizes. Misconfigurations can expose systemic weaknesses and make organizations vulnerable to cyber attacks. In this episode, we will review a report from the NSA and CISA highlighting some of the most common misconfigurations that need to be addressed.

More info at HelpMeWithHIPAA.com/431


Check out the episode!

Thursday, October 26, 2023

Are Nightmares Contagious? - Ep 430


When vendors have incidents that disrupt their operations, it’s like having ghosts haunt a business's continuity plan, just waiting to make an eerie appearance. That's why it is crucial for businesses to include vendor-related security incidents or downtime in their business continuity plans. One company’s nightmare can be contagious to its customers.

More info at HelpMeWithHIPAA.com/430


Check out the episode!

Thursday, October 19, 2023

Alerts Coming From Everywhere - Ep 429


In today's interconnected digital world, keeping up with cybersecurity alerts is like having a trusty, cyber-savvy sidekick by your side. As our reliance on technology continues to grow, staying ahead of the game is essential. Cybersecurity alerts are like the Bat-Signal of the digital realm, lighting up to warn you of impending threats. Proactive vigilance in the face of these alerts is not merely a best practice; it's an imperative in safeguarding sensitive data, privacy, and the integrity of our increasingly digital lives.

More info at HelpMeWithHIPAA.com/429


Check out the episode!

Thursday, October 12, 2023

HIPAA Online Tracking News - Ep 428


Web tracking tools that collect or share personally identifiable health information can have significant implications for HIPAA privacy and security. Unauthorized tracking can compromise patient confidentiality and privacy, potentially exposing sensitive health data. Today, we follow up on our previous podcast on web tracking tools and discuss a few recent articles and guidance released by HHS, FTC and OCR.

More info at HelpMeWithHIPAA.com/428


Check out the episode!

Thursday, October 5, 2023

What is a CHMSP? - Ep 427


For MSPs, grasping HIPAA compliance isn't just a good idea; it's a necessity. Neglecting it can lead to legal issues and lost opportunities in the healthcare IT sector. Picture unintentionally mishandling patient data and facing legal consequences – that's a risk you can't ignore. A solid understanding of HIPAA can boost your reputation and credibility within the healthcare industry. To acquire this essential knowledge, consider enrolling in the Certified in HIPAA for MSP (CHMSP) course offered by HIPAA for MSPs. It's a valuable resource that equips MSPs with the expertise needed to excel in this specialized field.

More info at HelpMeWithHIPAA.com/427


Check out the episode!

Thursday, September 28, 2023

4 Actions 4 Cyber Safety - Ep 426


Cybersecurity Awareness Month is just around the corner. It's that time of year when we all take a moment to up our game in the digital world. Whether it's creating stronger passwords, being mindful of phishing emails, or updating our software regularly, it's a reminder that our online safety matters. So, listen to this week’s podcast to find ways to keep cybersecurity top of mind and make sure our digital lives are as secure as possible!

More info at HelpMeWithHIPAA.com/426


Check out the episode!

Thursday, September 21, 2023

OCR Sends Enforcement Message - Ep 425


Assuming large organizations with lots of healthcare clients have a proper HIPAA privacy and security program in place could be disastrous. OCR recently settled investigations with LA Care, a large health plan in California, for $1.3 million and a 3-year corrective action plan. Join us as we discuss this settlement and learn from others' mistakes.

More info at HelpMeWithHIPAA.com/425


Check out the episode!

Thursday, September 14, 2023

Securing Older Technologies Still In Use - Ep 424


Securing older, legacy technologies from cyber threats is extremely important in today's interconnected digital world. Older devices often lack the robust security features of modern counterparts, making them vulnerable targets for hackers seeking to exploit weaknesses. Today, we review HSCC’s Health Industry Cybersecurity – Managing Legacy Technology Security (HIC-MaLTS) guide that provides recommendations to address the legacy technology challenges facing healthcare.

More info at HelpMeWithHIPAA.com/424


Check out the episode!

Thursday, September 7, 2023

Check Your Cyber Pulse - Ep 423


In the digital age, cybersecurity has become a critical concern for businesses and individuals alike. Today, we review the latest release from 405(d), Check Your Cyber Pulse. This cybersecurity cosmo quiz helps small organizations evaluate their cyber pulse regarding the 10 cybersecurity practices of HICP and decide where they should focus efforts to improve their cybersecurity behaviors.

More info at HelpMeWithHIPAA.com/423


Check out the episode!

Thursday, August 31, 2023

How One MSP Handled a Ransomware Attack - Ep 422


Ransomware attacks have become a prevailing threat to businesses of all sizes, causing significant financial losses, reputational damage, and operational disruptions. In this episode, we talk with Robert Cioffi, COO and Co-Founder of Progressive Computing, who shares how they navigated through the Kaseya ransomware attack. He shares invaluable insights into their journey of resilience, recovery, and the crucial lessons learned along the way.

More info at HelpMeWithHIPAA.com/422


Check out the episode!

Thursday, August 24, 2023

Successful Data Breach Communication - Ep 421


In a crisis, organizations must be prepared to communicate effectively. Karen Phillips, of Phillips & Marek, joins us to discuss strategies and best practices for managing data breaches and how to communicate with stakeholders, including internal staff, patients and the media.

More info at HelpMeWithHIPAA.com/421


Check out the episode!

Thursday, August 17, 2023

The Value in Evaluation - Ep 420


Are you worried about the safety of your data and the potential security risks to your organization? In this episode, we talk with Jen Stone of SecurityMetrics to explore the importance of performing technical and nontechnical evaluations of your security program. Jen helps to explain the benefits of thorough evaluations and how they can safeguard your organization against potential vulnerabilities.

More info at HelpMeWithHIPAA.com/420


Check out the episode!

Thursday, August 10, 2023

2023 Cost of a Data Breach Study - Ep 419


As in years past, we dive into IBM’s 2023 Cost of a Data Breach Report. This annual study sheds light on the ever-evolving landscape of data breaches and provides valuable insights for organizations looking for ways to focus their efforts and money to help prevent and reduce the costs associated with a data breach.

More info at HelpMeWithHIPAA.com/419


Check out the episode!

Thursday, August 3, 2023

Does HIPAA require MFA? - Ep 418


We all know how important it is to keep our personal information and important data secure. MFA can add an extra layer of protection to our digital lives. But does HIPAA require MFA? The short answer: no, but yes. Listen in to hear how best to lock your cyber door against cyber attacks.

More info at HelpMeWithHIPAA.com/418


Check out the episode!

Thursday, July 27, 2023

Our takeaways from the 2023 VDBIR - Ep 417


Verizon has released their 2023 Data Breach Investigations Report (DBIR). This year they focused more on an analysis of actual data breaches - the types of incidents causing the breaches, the motivations of bad actors, how they tend to carry out their attacks and what data they are grabbing. We always look forward to reading this report because it not only has a lot of great information, but also because it contains a good bit of humor. You know we like that.

More info at HelpMeWithHIPAA.com/417


Check out the episode!

Thursday, July 20, 2023

Is it time for more regulation with Josh Corman - Ep 416


In the epic battle between cyber threats and the healthcare industry, it's the patients who suffer the most. There is an urgent need for new regulations in the healthcare industry to address the challenges posed by outdated technology and cybersecurity threats. Today, we talk with Josh Corman about the need for new ideas and meaningful changes to protect hospitals and ensure the safety of critical healthcare functions.

More info at HelpMeWithHIPAA.com/416


Check out the episode!

Thursday, July 13, 2023

BA HHS Enforcement Does Happen - Ep 415


BAs play a vital role in healthcare organizations as they often provide services to covered entities that require them to access PHI. But, they often don’t fully understand their own HIPAA compliance obligations. OCR recently released a resolution agreement against a BA that proves BAs will be held accountable for their obligations under HIPAA.

More info at HelpMeWithHIPAA.com/415


Check out the episode!

Thursday, July 6, 2023

What the heck is a CPG? - Ep 414


Checklists are important for many people who deal with cybersecurity. David and Donna explain that this new checklist is not just for healthcare, but for all businesses to deal with cybersecurity. They discuss these CPGs, which are Cybersecurity Performance Goals recently published by CISA, and how they can help strengthen your cybersecurity regardless of the size and complexity of your organization.

 

More info at HelpMeWithHIPAA.com/414


Check out the episode!

Thursday, June 29, 2023

Where do we go from here? - Ep 413


Healthcare cybersecurity is no walk in the park! Today, we explore the release of the "Health Industry Cybersecurity Recommendations for Government Policy and Programs" by HSCC. It provides suggestions and ideas on how government policy and programs can support the health sector in beefing up their cybersecurity defenses to help keep our health systems safe from cyber threats.  

More info at HelpMeWithHIPAA.com/413


Check out the episode!

Thursday, June 22, 2023

Vacay and Holiday Security Tips - Ep 412


Vacation is a time to relax and get away from everyday worries, but it's important to take steps to ensure that your cybersecurity and privacy are not at risk. Today, we will review vacation and travel security tips from the National Cybersecurity Alliance to help you stay safe during your travels.

More info at HelpMeWithHIPAA.com/412


Check out the episode!

Thursday, June 15, 2023

6 Pitfalls NIST Noticed - Ep 411


When it comes to cybersecurity, it is important to understand who your audience is and how to communicate effectively with them. Today, we discuss an article on the cybersecurity pitfalls written by Julie Haney, Usable Cybersecurity Program Lead at NIST, and the importance of involving everyone in a team approach to protecting patients' information.

More info at HelpMeWithHIPAA.com/411


Check out the episode!

Thursday, June 8, 2023

SMB Cyber Resources - Ep 410


Cybersecurity is a big challenge for all businesses these days. Regardless of the size of the business or the industry it’s in, hackers are continuously trying to exploit weaknesses to gain access to networks and data. NIST and CISA have some new resources and guides that can help small and medium-sized businesses face the growing cyber threat.

More info at HelpMeWithHIPAA.com/410


Check out the episode!

Thursday, June 1, 2023

6 News Stories - Ep 409


You know how people say “it’ll never happen to me”? Well, today we are covering six news stories that chances are will affect you either directly or indirectly in some way. We’ve got yet another story of a practice that doesn’t have a response plan, stories about hardware and software that are vulnerable or were hacked and even a story on how you can make a quick $10m. 

More info at HelpMeWithHIPAA.com/409


Check out the episode!

Thursday, May 25, 2023

More Free Training and New OCR Action - Ep 408


In the fast-paced world of healthcare, where even your stethoscope can connect to the internet, cybersecurity training for everyone is an absolute must. But fear not, brave healthcare professional!  There is free cybersecurity training online! Listen in and we will tell you all about two great cybersecurity training options for workforce members and clinicians.

More info at HelpMeWithHIPAA.com/408


Check out the episode!

Thursday, May 18, 2023

Cyber resiliency landscape - Ep 407


We talk a lot about understanding the current cyber threats and risks involved in not remaining vigilant in protecting against them. Today, we review the Hospital Cyber Resiliency Initiative Landscape Analysis, recently released by 405d. It provides stats and case studies from the real world. It also gives us areas we need to work on and where we need to put our investment of time and money to protect against these threats.

More info at HelpMeWithHIPAA.com/407


Check out the episode!

Thursday, May 11, 2023

HICP Technical Guide Changes 2023 - Ep 406


Healthcare organizations are dealing with increasingly complex cybersecurity threats. With the use of technology and the presence of sensitive patient information, hackers see healthcare systems as valuable targets. Protecting healthcare systems is a major challenge. The 405(d) Task Group has updated their HICP guidance for small, medium and large organizations to help them better secure their networks and applications and manage risks to keep patient information safe.

More info at HelpMeWithHIPAA.com/406


Check out the episode!

Thursday, May 4, 2023

405d Erik Decker Joins Us for Ep 405


It’s fitting that for episode 405 we talk with Erik Decker, lead on the HHS 405d Task Group, about the recently released Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP) 2023 edition. Since David and I are also on the 405d task group, we are excited to talk about the new updates and added resources FREELY available to help everyone prepare and fight against cybersecurity threats. 

More info at HelpMeWithHIPAA.com/405


Check out the episode!

Thursday, April 27, 2023

False Sense of Security - Ep 404


Gary Salman from Black Talon Security joins David as guest host while Donna celebrates her birthday in the Keys. David and Gary will explain why not being constantly vigilant when protecting network security can lead to a false sense of security. They will discuss the threats Black Talon is seeing in the cyber environment these days and in the tabletop exercises it conducts with organizations, as well as ways to help protect your organization from, and prepare for, cyber events and other crisis situations.

More info at HelpMeWithHIPAA.com/404


Check out the episode!

Thursday, April 20, 2023

HIPAA Summit Review Part 2 - Ep 403


Today, we cover part two of our review of the HIPAA Summit.  We will cover notes from a privacy officer roundtable, security tips from IT’s point of view, key points from crisis vendors and a very interesting discussion around mergers and acquisitions. Listen in to pick up where we left off from part 1 of our 2023 HIPAA Summit Review.

More info at HelpMeWithHIPAA.com/403


Check out the episode!

Thursday, April 13, 2023

2023 HIPAA Summit Review - Ep 402


As always, the HIPAA Summit is very interesting and informative. This is the annual summit where we learn what’s going on in the “HIPAAsphere” and what things are coming down the pike. There is a lot of information to cover, so we will break this into two Help Me With HIPAA episodes. Here’s part 1 of our HIPAA Summit review.

More info at HelpMeWithHIPAA.com/402


Check out the episode!

Thursday, April 6, 2023

Mobile Device Security Checklist - Ep 401


The importance of mobile device security cannot be overstated. With our lives becoming increasingly digital, it is essential that we take the necessary steps to secure our devices. By doing so, we can protect our data and our privacy, while also preventing malicious actors from gaining access to our accounts. 

More info at HelpMeWithHIPAA.com/401


Check out the episode!

Thursday, March 30, 2023

8 Things We Learned - Ep 400


We made it to 400 episodes!  We have done, heard and learned a lot. Today, we will discuss 8 of the most important things we have learned so far.  And we still have more to learn and to share, so stay tuned!

More info at HelpMeWithHIPAA.com/400


Check out the episode!

Thursday, March 23, 2023

Quick Recap - Ep 399


In today’s episode, we are going to do a quick recap of the PriSec Boot Camp and discuss the recent FTC case involving GoodRx. The PriSec Boot Camp was a lot of fun and Donna’s Bourbon and Breaches was a hit with everyone!

More info at HelpMeWithHIPAA.com/399


Check out the episode!

Thursday, March 16, 2023

National Cybersecurity Strategy - Ep 398


Earlier this month, the White House released a new National Cybersecurity Strategy aimed at building a more resilient digital environment that is easier to defend than to attack and that is secure and safe for all Americans. The focus is to shift the burden of defending the country's cyberspace towards software vendors and service providers and to stress how essential collaboration between the public and private sectors, as well as with international allies and partners, is for securing the nation against cyber threats.

More info at HelpMeWithHIPAA.com/398


Check out the episode!

Thursday, March 9, 2023

Does HIPAA guarantee access? - Ep 397


Let's face it, family dynamics can be complicated and not everyone gets along. HIPAA is designed to ensure that everyone's health information is kept confidential and that only the appropriate individuals are given access. Believe it or not, HIPAA does not guarantee all relatives access to another relative's protected health information. 

More info at HelpMeWithHIPAA.com/397


Check out the episode!

Thursday, March 2, 2023

How busy is OCR? - Ep 396


Today you're going to get a twofer. We're going to discuss the two recent reports that OCR submitted to Congress: one on the state of compliance with Privacy and Security and the other on reported breaches and notifications. Let’s start by saying that OCR is really busy… I mean really busy.

More info at HelpMeWithHIPAA.com/396


Check out the episode!

Thursday, February 23, 2023

Data breach costs can be huge - Ep 395


Data breaches can be costly - so costly, in fact, that they can turn a business's bottom line into a roller coaster of emotion, ranging from shock and dismay to tears of dollars! But with a robust privacy and security program in place, businesses can reduce the likelihood of a data breach and the financial impact that comes with it.

More info at HelpMeWithHIPAA.com/395


Check out the episode!

Thursday, February 16, 2023

OLD Attack NEW Settlement - Ep 394


Today, we are talking about a new OCR settlement stemming from a 2016 hacking attack on Banner Health’s network that caused a data breach affecting over 2.81 million individuals. We’ll review the OCR CAP. But suffice it to say… until we have more engagement from every person connecting to the internet, we will never make real progress in the battle against cyber criminals.

More info at HelpMeWithHIPAA.com/394


Check out the episode!

Thursday, February 9, 2023

Inside Hive - Ep 393


It's a story straight out of a blockbuster movie - an elite team of FBI agents infiltrating an underground network to thwart an international crime syndicate, saving over $130 million in ransom demands. Using their expert skills, the FBI agents were able to infiltrate the Hive network without detection and shut them down… at least for now.

More info at HelpMeWithHIPAA.com/393


Check out the episode!

Thursday, February 2, 2023

ChatGPT Explains Itself - Ep 392


AI is the latest nerd language spreading wildly across… well, everywhere. ChatGPT, an automated AI-powered chatbot, is designed to provide automated conversational responses to users in a friendly and natural way. Today, we discuss and show you how ChatGPT explains itself and how it could be used in healthcare.

More info at HelpMeWithHIPAA.com/392


Check out the episode!

Thursday, January 26, 2023

Vendors In Your Breaches - Ep 391


Knowing what vendors your BAs may use to provide services to your organization is crucial. Those downstream vendors could be the cause of a breach of your data. Signing a BAA does not prove a BA is properly securing your data. Vetting your vendors is as important as making sure your vendors are vetting their vendors.

More info at HelpMeWithHIPAA.com/391


Check out the episode!

Thursday, January 19, 2023

Spitballing Website Tracking - Ep 390


Using website tracking technology on healthcare sites can be a double-edged sword. On the one hand, it can help healthcare organizations better understand user behavior, preferences, and interests. However, if not properly secured, this technology can also put users at risk of their sensitive data being accessed and used inappropriately. 

More info at HelpMeWithHIPAA.com/390


Check out the episode!

Thursday, January 12, 2023

Last Pass for LastPass? - Ep 389


The recent breach at the popular password manager, LastPass, has caused a lot of concern amongst its users. We ourselves have discussed whether this is the last pass we are going to give to LastPass. So, in today’s episode, we discuss what happened, what it means for LastPass users and what are some things you should do or consider doing.

More info at HelpMeWithHIPAA.com/389


Check out the episode!

Thursday, January 5, 2023

2 More OCR Settlements - Ep 388


For our first show of 2023 we review 2 more OCR settlements! These are the last ones released in 2022. Listen in to hear what happened so that you can learn how to avoid making the same mistakes in the new year.

More info at HelpMeWithHIPAA.com/388


Check out the episode!