Risk & Compliance News.

Nov 25th, 2021 - Integrated Risk Management has become a necessary and extremely beneficial strategy for organizations to effectively and proactively manage risk across the board. A strong IRM strategy will demonstrate the full scope of risk across the business so the organization can make continuous improvements to the risk management program for better organizational performance. What is Integrated Risk Management? Unlike a compliance-based risk management approach, IRM is a more proactive and evaluative ... [Read More]

Nov 24th, 2021 - As reliance on outsourced Cloud software increases organizations need to manage supply chain risk and implement Cloud backup solutions which enable application and data continuity following disruption. Read on to learn more. Just because your critical assets are in the cloud it doesn’t mean they’re protected – in fact it’s quite the opposite. A Cloud backup solution can minimize downtime and enable business continuity and secure disaster recovery. One of the most overlooked virtual ... [Read More]

Nov 24th, 2021 - The Albuquerque, NM-based health insurance agency True Health New Mexico has started notifying certain health plan members about the exposure and potential theft of some of their protected health information. A data security incident was detected on October 5, 2021, and steps were immediately taken to secure its IT systems. The internal incident response team launched an investigation and third-party cybersecurity defense firms were engaged to assist with the forensic investigation. The ... [Read More]

Nov 24th, 2021 - Utah Imaging Associates began notifying nearly 600K of a healthcare data breach, and Eskenazi Health began notifying over 1.5 million individuals. November 24, 2021 - Under the HIPAA Breach Notification Rule, HIPAA covered entities are required to provide notification of a healthcare data breach to impacted individuals whose protected health information (PHI) was compromised. Covered entities must post a notice on the home page of its website for at least 90 days if there are more than 10 ... [Read More]

Nov 23rd, 2021 - Regulations related to IT systems and data are on the rise. IT leaders must do their part in avoiding common missteps that can lead to hefty fines for non-compliance. Compliance is a fact of life for just about every company — especially in highly regulated industries such as healthcare, financial services, and government. And while compliance is often under the mantel of legal, compliance, risk management, or other departments, IT is certain to be involved in any organization’s compliance ... [Read More]

Nov 23rd, 2021 - Experts at a NIST-sponsored workshop weigh in on what might be in the final version of the Biden executive-order-mandated supply chain security guidelines. President Biden’s wide-ranging cybersecurity executive order (EO) issued in May aims to improve software security through a series of guidelines. As the EO directed, the National Institute of Standards and Technology (NIST) has produced a definition of what constitutes “critical software,” published guidance on security measures for ... [Read More]

Nov 22nd, 2021 - Zero-day attacks pose a serious threat to the healthcare sector and can be difficult to mitigate, HC3 warned in its latest threat brief. November 22, 2021 - The Health Sector Cybersecurity Coordination Center (HC3) issued a threat brief outlining risks and mitigation tactics associated with financially motivated zero-day attacks on the healthcare sector. By nature, it is impossible to eliminate zero-day attack risks, but patching systems regularly is the strongest form of defense. The term ... [Read More]

Nov 22nd, 2021 - A developer’s introduction to compliance standards like PCI-DSS, HIPAA, and GDPR. As data breaches increase in frequency and scope, more governmental entities focus on using the stick rather than the carrot to prevent them. Compliance standards and regulations set baseline, minimum security controls that establish basic cyber hygiene. While compliance is not security, software developers need to understand these basic requirements so that they avoid violations. Compliance violations increase ... [Read More]

Nov 22nd, 2021 - OCC, Board, FDIC will require banks to report incidents within 36 hours Federal banking regulatory agencies have approved a final rule on how information about cyber-attacks should be shared within the US banking system, according to a joint statement published by the Federal Deposit Insurance Corporation (FDIC). The Office of the Comptroller of the Currency (OCC), Board, and the FDIC have jointly announced that banks will be required to notify their primary federal regulator of any significant ... [Read More]

Nov 22nd, 2021 - The information security officer at St. Joseph's Health offers some tips and best practices for safeguarding against third-party breaches. In this day and age, any healthcare provider organization could be the next victim of a cybersecurity breach. Unfortunately, countless organizations have experienced data breaches by a third party, and the remediation costs can run into the millions. This is why vendor risk management has come to the fore as a plan that provider organizations should have in ... [Read More]