Foster Charles

Most people still think of cybersecurity as a technical challenge and that only the IT department needs to worry about it. This widespread misconception is exactly the reason why employees are often the weakest link in an organization’s security posture. After all, cybercriminals have a far easier time exploiting human ignorance and unpreparedness than trying to break through encryption ...

Access control is one of the fourteen groups of information security requirements specified by the NIST 800-171 standard. The standard aims to set a baseline for controlling access to any sensitive data, and adherence to it is a requirement for any organization that forms part of the Defense Industrial Base (DIB). This is according to the DFARS 252.204-7012 clause, which has been included in DoD ...

Any Department of Defense (DoD) contractor must comply with the security standards of the Defense Federal Acquisition Regulation Supplement (DFARS) before it can be given access to controlled unclassified information (CUI). 

It's been several years since the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was last updated, with the most recent changes being those pertaining to the Omnibus Rule in 2013. This revision saw the introduction of new requirements mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act.

The healthcare industry is the biggest target for cyberattacks because protected health information (PHI), which healthcare organizations handle on a daily basis, is extremely valuable. According to recent reports, the healthcare industry accounted for 79% of all reported breaches in 2020, with botnets, distributed denial-of-service attacks, and ransomware being the most common cyberthreats.

In 1996, the federal government introduced the health insurance portability and accountability act (HIPAA) to protect employees and their families from losing their health coverage when changing jobs. However, the legislation also has a secondary purpose, that being to protect the privacy and security of protected health information (PHI).

As we start to turn the tide against the coronavirus pandemic after a year of public health dominating the news headlines, the world of medicine and healthcare is undergoing a greater and faster transformation than anyone could ever have anticipated. Digital health technologies are now accelerating at a breakneck pace as trends, like remote work and telemedicine, become deeply entrenched in the ...

It’s hard to imagine any modern healthcare operator not making use out of cloud storage these days. The benefits of being accessible from any device in any location cannot be understated, but easier accessibility to legitimate employees and patients might also mean making things easier for cybercriminals too. Fortunately, there are many ways to mitigate these risks without having to sacrifice ...

A HIPAA security risk assessment is an essential component of achieving and maintaining full compliance with the federal law. Every covered entity and business associate should conduct periodic risk assessments, including whenever they make significant changes to operational or technology infrastructure.

Healthcare is a favorite target of cybercriminals due to the high value of personally identifiable information on the black market. One of the main tenets of the HIPAA security rule is that covered entities and business associates must carry out periodic HIPAA risk assessments to determine where lie their vulnerabilities and the threats that face them. Even though HIPAA IT security requirements ...