I was prompted to write this quick post this morning when I read this article. I think it is a good example of what some (actually many, in my experience) …
SECURITY
Security Due Diligence For Microsoft 365 User Organizations
Co-written by Monica Meiterman-Rodriguez (Privacy Consultant) and Brian Ching (Information Security and Privacy Analyst). A majority of global enterprises are now using Microsoft 365 (“M365”) as their primary office application. …
Security is mostly basics, but talk is cheap
In most cases, better security posture is all about getting a few basics right. And this recent incident related to the breach of a Healthcare.gov server may be further proof …
That Odd Authentication Dichotomy Needs To Change
By now, it should be clear that we need to consider strong (multi-factor) authentication for access to anything of value. In an age and time when most public email services …
Compliance obligations need not stand in the way of better information security and risk management
I couldn’t help but write this post when I noticed this press release based on an IDC Insights Survey of Oil & Gas Companies. I don’t have access to the full …
Can we change the tune on Health Information Security and Privacy please?
Notice the title doesn’t say HIPAA Security and Privacy. Nor does it have any of the words – HITECH, Omnibus Rule, Meaningful Use etc. That is the point of this post. Let …
CHIME On MU Audits… Looking For Thoughts/Feedback
I happened to read this article from Information Week Healthcare and was especially interested by this quote reproduced below… “CHIME also raised the issue of excessive auditing of providers in …
Providers: Is HIPAA Security Risk Analysis in your plan over the next few months?
Security Risk Analysis is something that we recommend all organizations conduct periodically or before a significant process or technology change. After all, threats, vulnerabilities and impact (three components of risk, …
You don’t know what you don’t know: Do we have a “detection” problem with the healthcare data breach numbers?
Like some of you perhaps, I have been reading a few recent articles on Healthcare data breaches, especially the one from Dark Reading and a detailed analysis of the 2010-to-date …