Ever feel like your efforts to avoid compliance liability just turned into a game of hot potato? Is it a vendor responsibility (business associate or other third party) or yours? Consider cloud service providers (CSPs) as an example. Maintaining HIPAA compliance brings unique challenges to anyone working in or with the cloud. Don’t assume your … Read more
Government agencies – state and federal – have spent the past several months trying to get healthcare’s attention about cybersecurity and simple steps that organizations can take to reduce their risk of ransomware (aka minimize risk). “There are known knowns; there are things we know we know. We also know there are known unknowns; that … Read more
Remember that brief moment when we thought the COVID-19 business impact was lifting? It was a nice thought, but we were wrong. We’re firmly in the midst of the pandemic with alleviation an ever-moving target. What does this mean for businesses, especially covered entities (CE) and business associates (BA)? Telework and telehealth present security risks, … Read more
The healthcare industry reports that video hijacking, or teleconference hijacking, emergence on the rise as telehealth appointments replace typical in-person ones during the COVID-19 crisis. The FBI has received multiple reports of conferences being disrupted by pornographic images, hate images and threatening language. Yet another reason that, even though OCR has indicated it will not … Read more
As we cope with the COVID-19 pandemic, it’s important to take a few extra measures to protect your organization, your patients and clients, and your data. Teleworking, where more and more individuals are working remotely, is widely accepted to prevent further spread of the virus. Now is a good time to address the risks that … Read more
Compliance with CCPA is entwined with how you do business. Your business operations (the “how and what”) directly link to company policy, controls, processes: policies and procedures. You could say that the CCPA has everything to do with policies and procedures. Which is why you need to update yours – yesterday. Not convinced? Let’s go … Read more
Are you sure your medical records aren’t accessible by outsiders? Maybe check your perimeter security. I’m not talking about fancy technical security gadgets, but the simple, obvious things like setting a password on your internet-facing applications. Here’s why I ask. Did you hear about the 187 medical system servers not protected by passwords or necessary … Read more
Isn’t it rewarding when a fellow security professional posts about an attempted hack of his personal website that he turned into a lesson in website security? And in the end, hacked the hacker? That’s exactly what happened with Larry Cashdollar, a senior security response engineer at Akamai. Cashdollar noticed something peculiar in the logs on … Read more
Are you tracking the moving target of your third party vendors’ privacy and security practices? You may want to get on that. If you’re one of the many organizations about to tackle the SOC 2 assessment process, familiarize yourself with the AICPA’s 2017 Trust Service Criteria document (formerly Trust Service Principles). You’ll quickly notice the … Read more
When the much threatened 9.0 quake hits the Pacific Northwest, your first reaction should be, “OMG, we’ve just had a mega-quake. I want to make sure that my family and friends are safe.“ That’s cool. BUT – if cables and power lines get cut accidentally, you want to make sure that your reaction is not … Read more
Apgar & Associates, LLC
7100 SW Hampton St #137
Tigard, OR 97223
503-384-2538
©Copyright 2023 Apgar and Associates. All rights reserved.
