Mobile Health Apps & the FTC’s late (but serious) entry to the Breach Notification Game
How the FTC breach notification rule affects mobile app vendors and developers.
Chris Apgar, CISSP, CCISO
CISA: On Cyber Risks, Mitigation & Best Practices
In April, CISA, aka the Cybersecurity and Infrastructure Security Agency, published a handy trends findings summary that they pulled from 192 healthcare and public health sector entities (HPH). From fiscal year 2019 – 2020, the agency discovered, HPH’s four most common cyber risks were: Phishing Out-of-date patches Unsupported software and operating systems Poorly configured internet-accessible … Read more
Apgar & Associates’ President & CEO Joins HSCC Joint Cybersecurity Working Group on Behalf of AHIMA
Chris Apgar, President & CEO of Apgar & Associates, recently joined the Health Sector Coordinating Council’s (HSCC) Joint Cybersecurity Working Group on behalf of the American Health Information Management Association (AHIMA). HSCC is a coalition of industry associations and their members that collaborates with healthcare industry leaders and the government to address the healthcare sector’s … Read more
Audit Log Monitoring: Tiresome But Oh-So-Necessary
Audit log monitoring is probably one of the most unsexy, uninteresting activities a healthcare organization or business associate has to do. But neglect it at the risk of your solid bottom line and reputation. Last time we talked about how you can get into legal (and costly) hot water with badly aligned policies and procedures … Read more
Healthcare Organizations: What can get you into [costly] hot water?
For healthcare organizations and the businesses that support them, regulation and legislation too often turn into lawsuits and settlements. What’s happening to get you into trouble in the first place? How can you avoid the serious costs they bring – to the bottom line and to reputation? Here’s what Julia and I often see from … Read more
Security in a Remote Access World, Revisited
It’s time to circle back to the topic of remote access. Earlier I provided you a checklist to send to your remote working employees to assess workspace and workstation security. With new portable devices and web apps that support working from home, including transmitting large amounts of data with minimum resources, I feel it’s important … Read more
Telework & Telehealth: How Can We Work Securely During a Pandemic?
Remember that brief moment when we thought the COVID-19 business impact was lifting? It was a nice thought, but we were wrong. We’re firmly in the midst of the pandemic with alleviation an ever-moving target. What does this mean for businesses, especially covered entities (CE) and business associates (BA)? Telework and telehealth present security risks, … Read more
Return from Remote Work: How do you secure remotely used data & devices?
As things ease up, and slowly people return to the office, what steps do you need to take to make sure data and devices are secure? It’s not quite a reversal of what covered entities (CE) and business associates (BA) went through when everyone who was non-essential was required to go to remote work, but … Read more
Video Hijacking Have You Worried? Try these 5 Steps from the FBI
The healthcare industry reports that video hijacking, or teleconference hijacking, emergence on the rise as telehealth appointments replace typical in-person ones during the COVID-19 crisis. The FBI has received multiple reports of conferences being disrupted by pornographic images, hate images and threatening language. Yet another reason that, even though OCR has indicated it will not … Read more
Attention Business Associates! New OCR Announcement re PHI during COVID-19 Relates to You
On April 2, 2020, the Office for Civil Rights (OCR) at the U.S Department of Health and Human Services (HHS) announced that effective immediately, it will exercise its enforcement discretion and will not impose penalties for violations of certain provisions of the HIPAA Privacy Rule against health care providers or their business associates for the … Read more
