CISA: On Cyber Risks, Mitigation & Best Practices

In April, CISA, aka the Cybersecurity and Infrastructure Security Agency, published a handy trends findings summary that they pulled from 192 healthcare and public health sector entities (HPH). From fiscal year 2019 – 2020, the agency discovered, HPH’s four most common cyber risks were: phishing; out-of-date patches; unsupported software and operating systems; poorly configured internet-accessible … Read more

Apgar & Associates’ President & CEO Joins HSCC Joint Cybersecurity Working Group on Behalf of AHIMA

Chris Apgar, President & CEO of Apgar & Associates, recently joined the Health Sector Coordinating Council’s (HSCC) Joint Cybersecurity Working Group on behalf of the American Health Information Management Association (AHIMA). HSCC is a coalition of industry associations and their members that collaborates with healthcare industry leaders and the government to address the healthcare sector’s … Read more

Healthcare Organizations: What can get you into [costly] hot water?

For healthcare organizations and the businesses that support them, regulation and legislation too often turn into lawsuits and settlements. What’s happening to get you into trouble in the first place? How can you avoid the serious costs they bring – to the bottom line and to reputation? Here’s what Julia and I often see from … Read more

Security in a Remote Access World, Revisited

It’s time to circle back to the topic of remote access. Earlier I provided you a checklist to send to your remote working employees to assess workspace and workstation security. With new portable devices and web apps that support working from home, including transmitting large amounts of data with minimum resources, I feel it’s important … Read more

Telework & Telehealth: How Can We Work Securely During a Pandemic?

Remember that brief moment when we thought the COVID-19 business impact was lifting? It was a nice thought, but we were wrong. We’re firmly in the midst of the pandemic with alleviation an ever-moving target. What does this mean for businesses, especially covered entities (CE) and business associates (BA)? Telework and telehealth present security risks, … Read more

Return from Remote Work: How do you secure remotely used data & devices?

As things ease up, and slowly people return to the office, what steps do you need to take to make sure data and devices are secure? It’s not quite a reversal of what covered entities (CE) and business associates (BA) went through when everyone who was non-essential was required to go to remote work, but … Read more

Video Hijacking Have You Worried? Try these 5 Steps from the FBI

The healthcare industry reports that video hijacking, or teleconference hijacking, is on the rise as telehealth appointments replace typical in-person ones during the COVID-19 crisis. The FBI has received multiple reports of conferences being disrupted by pornographic images, hate images and threatening language. Yet another reason that, even though OCR has indicated it will not … Read more

Are All Ransomware Attacks Breaches?

It’s one of those questions that never goes away. The answer is, “Maybe” and very definitely, “Not always.” Contrary to popular belief, even after ransomware attacks, the safe harbor still applies when it comes to breaches. If your PHI data was encrypted prior to the ransomware attack that encrypted (aka “held for ransom”) it, you … Read more

Perimeter Security: It’s the Simple Things That’ll Get You

Are you sure your medical records aren’t accessible by outsiders? Maybe check your perimeter security. I’m not talking about fancy technical security gadgets, but the simple, obvious things like setting a password on your internet-facing applications. Here’s why I ask. Did you hear about the 187 medical system servers not protected by passwords or necessary … Read more

RFI Vulnerability Lesson: Beware of Who You (try to) Hack

Isn’t it rewarding when a fellow security professional posts about an attempted hack of his personal website that he turned into a lesson in website security? And in the end, hacked the hacker? That’s exactly what happened with Larry Cashdollar, a senior security response engineer at Akamai. Cashdollar noticed something peculiar in the logs on … Read more