Help Me With Hipaa

Everybody get on board because data security laws keep getting signed in states each year. The new Maryland and Kentucky data security laws are designed to help protect insurance companies from cyber attacks by implementing cybersecurity standards, developing, implementing, and maintaining a written information security program. Their service providers are also required to implement such programs which include a requirement to report cyber security incidents within 3 days of discovery. For more details go to HelpMeWithHIPAA.com/356

Incident response planning is important to every business. You don’t want to figure out how to manage the business and respond to an incident on the fly.  These plans should be reviewed and updated regularly. Today we review a brand new guide from the Healthcare & Public Health Sector Coordinating Council on Operational Continuity - Cyber Incident. More info at HelpMeWithHIPAA.com/355

Over the last couple years, we’ve had some high-profile cybersecurity compromises and data breaches. And this trend is not slowing down. Today, we review a recent study of the top cyber threats to healthcare organizations. The results reinforce that PriSec teams require everyone to participate. More info at HelpMeWithHIPAA.com/354

Recently, we’ve had a couple things come up which involved tricky places that HIPAA has applied that most people might not think of. So, we thought we'd throw them out there and have a little bit of fun discussing them. More info at HelpMeWithHIPAA.com/353

Cybercrime is a booming business. In 2021, the US experienced an unprecedented increase in cyber attacks with criminals making $6.9 billion online. In today’s podcast, we review the FBI’s Internet Crime Report for 2021. More info at HelpMeWithHIPAA.com/352

It is crucial for every business to understand the security practices of their vendors. And also to make sure that those vendors are vetting their vendors.  A cyber attack at a link in your supply chain can drastically affect your business. Evidence: the Okta breach. More info at HelpMeWithHIPAA.com/351

Have you heard the one about three dentists and a psychiatrist walk into... an OCR investigation? OCR has announced their first set of enforcement actions of 2022, and just in time for our 350th episode.  These involve patient right of access and improper disclosure violations. More info at HelpMeWithHIPAA.com/350

Donna made many notes from the HIPAA Summit. Today, she and David will share six of her top picks, including the difference between an incident and a breach, how a “check the box compliance program” is not a privacy and security program, importance of understanding what your vendor’s incident response plans are and more. More info at HelpMeWithHIPAA.com/349

If you are a regular listener of the podcast, you know how Donna loves to “HIPAA-geek out” over the National HIPAA Summit each year. This year’s National HIPAA Summit did not disappoint. Today, we discuss a few points made concerning enforcement of HIPAA related cases by three arms of the federal government. More info at HelpMeWithHIPAA.com/348

Cyber threats are a growing risk that is becoming increasingly difficult to avoid. Small and medium businesses are not immune to these cyber threats. They are a growing business risk. The first step in preventing cyber threats is awareness.  More info at HelpMeWithHIPAA.com/347

Security events can have a significant impact on your business. It’s important to understand the magnitude of what’s going on and what the risks are. Having a plan in place to deal with privacy and security events can make it better, but not having one can make it worse.  More info at HelpMeWithHIPAA.com/346

The harsh realities of cybersecurity are not always easy to hear, but they are the one thing that we cannot compromise on as they can have a huge impact on our lives. We must remain cyber aware and be vigilant in order to combat cyber threats. More info at HelpMeWithHIPAA.com/345

Kardon, Help Me With HIPAA and HIPAA for MSPs is hosting the first PriSec Boot Camp in Louisville, KY on Sep 12, 13, 14 and 15. This ain’t yo Momma’s privacy and security. It is a one of a kind event designed for those who need to understand and manage a privacy and security program.  Listen to today’s podcast to learn all about it. More info at HelpMeWithHIPAA.com/344

Encryption can give you a false sense of security. Just because your device or your data is encrypted doesn’t mean it is secure.  You have to understand how encryption works in order to understand how it doesn't work. More info at HelpMeWithHIPAA.com/343

Securing your website is often overlooked in planning discussions and business risk management decisions. Building a website is pretty easy these days, but keep in mind users expect to have a safe online experience too. Just like with social media sites, a lot can go wrong with a forgotten website. More info at HelpMeWithHIPAA.com/342

More and more SMBs are turning to MSPs to help secure their networks, protect their assets from cyber attacks and meet compliance obligations.  MSPs are looking to add new services to meet the SMB market demand.  Today, we review a few of our observations for SMBs and MSPs from a recent report on the focus for small businesses in the next few years. More info at HelpMeWithHIPAA.com/341

Honeypots are an important tool in the cybersecurity arsenal. They can be used to observe how attackers work and what their activities, intentions and strategies are. This information can help organizations better understand and defend against cyber attacks. More info at HelpMeWithHIPAA.com/340

Social media has become a very important part of our lives. It is the easiest way to connect with friends, family and even promote your business. If not secured properly, it can also be an easy way for someone to hack into your account and become “you” or be the spokesperson for your business.  More info at HelpMeWithHIPAA.com/339

A proper incident response plan is one that details your response to a data breach, cyber attack or other event.  Without a proper plan, things can go horribly awry.  In this episode, we discuss the steps to properly respond to a security incident and then give you seven ways you can completely screw it up. More info at HelpMeWithHIPAA.com/338

The unknown is the most dangerous. It's a saying that should be taken into account when protecting your most valuable asset - your data.  Today we talk about why creating an asset inventory of your hardware, software and data is an important first step to being able to protect it. More info at HelpMeWithHIPAA.com/337