Foster Charles

DFARS 252.204-7012: Could a lack of training be putting you at risk?

Most people still think of cybersecurity as a technical challenge that only the IT department needs to worry about. This widespread misconception is exactly why employees are often the weakest link in an organization’s security posture. After all, cybercriminals have a far easier time exploiting human ignorance and unpreparedness than trying to break through encryption ...

DFARS 252.204-7012: How effective are your access controls?

Access control is one of the fourteen groups of information security requirements specified by the NIST 800-171 standard. The standard aims to set a baseline for controlling access to any sensitive data, and adherence to it is a requirement for any organization that forms part of the Defense Industrial Base (DIB). This is according to the DFARS 252.204-7012 clause, which has been included in DoD ...

DFARS 252.204-7012: 14 Control Families You Can’t Afford to Overlook

Any Department of Defense (DoD) contractor must comply with the security standards of the Defense Federal Acquisition Regulation Supplement (DFARS) before it can be given access to controlled unclassified information (CUI). 

A Guide to New and Proposed HIPAA Regulations: What to Expect

It's been several years since the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was last updated, with the most recent changes being those pertaining to the Omnibus Rule in 2013. This revision saw the introduction of new requirements mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act.

5 HIPAA Compliance Tips to Help You Stay Compliant

The healthcare industry is the biggest target for cyberattacks because protected health information (PHI), which healthcare organizations handle on a daily basis, is extremely valuable. According to recent reports, the healthcare industry accounted for 79% of all reported breaches in 2020, with botnets, distributed denial-of-service attacks, and ransomware being the most common cyberthreats.

A guide to HIPAA IT certification: 5 things you need to understand

In 1996, the federal government introduced the Health Insurance Portability and Accountability Act (HIPAA) to protect employees and their families from losing their health coverage when changing jobs. However, the legislation also has a secondary purpose: to protect the privacy and security of protected health information (PHI).

HIPAA challenges of 2021: 6 ways the healthcare sector is responding

As we start to turn the tide against the coronavirus pandemic after a year of public health dominating the news headlines, the world of medicine and healthcare is undergoing a greater and faster transformation than anyone could ever have anticipated. Digital health technologies are now accelerating at a breakneck pace as trends, like remote work and telemedicine, become deeply entrenched in the ...

What is a HIPAA-compliant cloud? 5 ways to evaluate your IT services

It’s hard to imagine any modern healthcare operator not making use of cloud storage these days. The benefits of being accessible from any device in any location cannot be overstated, but easier access for legitimate employees and patients might also make things easier for cybercriminals. Fortunately, there are many ways to mitigate these risks without having to sacrifice ...

What should you expect from a HIPAA security risk assessment?

A HIPAA security risk assessment is an essential component of achieving and maintaining full compliance with the federal law. Every covered entity and business associate should conduct periodic risk assessments, including whenever they make significant changes to operational or technology infrastructure.

Why you can’t afford to make a mistake when performing a HIPAA risk assessment

Healthcare is a favorite target of cybercriminals due to the high value of personally identifiable information on the black market. One of the main tenets of the HIPAA security rule is that covered entities and business associates must carry out periodic HIPAA risk assessments to determine where their vulnerabilities lie and what threats they face. Even though HIPAA IT security requirements ...