Risk Management & Compliance.

Sep 18th, 2020 - Share this article on: 5 low- to medium-severity vulnerabilities have been identified in the Philips Clinical Collaboration Platform (Vue PACS). If successfully exploited, an attacker could convince an authorized user to execute unauthorized actions or could result in the disclosure of information that could be used in further attacks. Philips has not received any reports to indicate exploits for the vulnerabilities have been developed or used in real world attacks, and there have been no reports of incidents from clinical use associated with the vulnerabilities. The vulnerabilities affect ... [Read More]

Sep 18th, 2020 - Nearly every single industry has been forced to manage the swift and dramatic shift to remote work caused by the COVID-19 health crisis. Beyond the colossal task of migrating to remote operations overnight and ensuring off-network employees have the resources they need to be productive, many businesses are contending with new and weighty compliance challenges as well. For instance, healthcare and life science organizations must find ways to adhere to HIPAA requirements while patient care and management takes place virtually, and sensitive healthcare data changes hands remotely. Financial ... [Read More]

Sep 18th, 2020 - In 2019 more than 16 billion records were exposed through data breaches. This trend has continued in the first quarter of 2020 and so far, it has been one of the worst in data breach history. It is logical to say that in our era of increasing digital connectivity, every company’s operations, brand, reputation, and revenue pipelines can be directly threatened by cyber-attacks and breaches. The dilemma for business is what to do under the growing and increasingly sophisticated global ecosystem cyber-threats. Corporate responsibility not only involves innovation and technological ... [Read More]

Sep 18th, 2020 - Shujinko  announced the results of a survey of North American CISOs documenting the challenges facing security and compliance professionals preparing for a wave of upcoming audits. The survey, a joint effort between Shujinko and Pulse, found that calendars for security and compliance audits are largely unchanged despite COVID-19, yet the pandemic is straining teams as they work remotely. Moreover, CISOs are tasked with preparing for more than three audits on average in the next 6-12 months, but struggle with inadequate tools, limited budgets and personnel, and inefficient manual processes. ... [Read More]

Sep 17th, 2020 - Waves of cybercriminals infiltrating networks and stealing sensitive information is a perennial problem. But implementing the Foundational CIS Controls to strengthen your organization’s security posture can keep you ahead of the risk and prevent minor security leaks from becoming a flood. The Center for Internet Security (CIS) Controls is a cybersecurity framework developed by a public-private partnership between CIS, the SANS Institute, the Department of Defense and the National Security Administration to help organizations of all types and sizes prioritize their cybersecurity. So, whether ... [Read More]

Sep 17th, 2020 - Our three-part blog series, Re-thinking Defensive Strategy at the Edge, has been focusing on outlining a new defensive edge strategy for today’s enterprise. We began with a discussion of data and indicators . Most recently, our second post focused on using risk signals and correlating them for improved security controls. This last post in the series will transition the discussion from data and correlation into how to use these to enable adaptive actionable protection strategies. The tension between usability and security needs to be balanced to enable a controlled environment and successful ... [Read More]

Sep 16th, 2020 - By D.J. Seeterlin T he selection of a core processing vendor is a significant event for any bank; the core vendor is often the second largest non-interest expense behind employee salary and benefits. These vendor relationships are long-term partnerships that start with a multiyear agreement and can span decades. Core banking software is the central nervous system that determines the bank’s ability to meet the evolving needs of its customers, develop new products and services and define staffing resource needs and the end customer’s user experience. The mere thought of a core conversion ... [Read More]

Sep 15th, 2020 - The worst time to learn your disaster recovery plan is outdated is when a disaster occurs. As more businesses are prompted to turn to recovery plans, many have learned there is room for improvement to create a defined approach to recovery so they can bounce back from incidents. Between 70% and 75% of organizations activated recovery plans in the last two years, Gartner research vice president Roberta Witty said in a talk during this week's Security and Risk Management Summit. Of the 298 that did IT disaster recovery, 23% report addressing one incident; 22% report two; 16%, three; 7%, four; ... [Read More]

Sep 15th, 2020 - The Security Risk Assessment (SRA) tool was designed in collaboration between ONC and OCR and is designed to help healthcare entities ensure compliance with HIPAA safeguards. September 15, 2020 -  The Office of the National Coordinator (ONC) in collaboration with the Office of Civil Rights released an update to the Department of H ealth and Human Services Security Risk Assessment Tool designed to support small- and medium-sized healthcare providers ensure HIPAA compliance.   Updates to the SRA tool include various new features, such as improved navigation throughout the assessment ... [Read More]

Sep 14th, 2020 - As digital transformation initiatives accelerate across organizations globally, largely driven by the recent unprecedented shift to remote work, many now rely on cloud applications to carry out essential business activities. With cloud applications, employees are often given an increased amount of access to highly sensitive company data and information protected with sometimes only a password. Now, almost every employee can and should be classified and treated as a "privileged user," the only difference being how much sensitive data or systems they have access to. It is important to note ... [Read More]