Risk Management

ONC, OCR Release Security Risk Assessment Tool Version 3.4

September 15, 2023 - The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) announced the release of version 3.4 of the Security Risk Assessment (SRA) Tool, further enhancing the user experience and helping covered entities navigate risk assessment requirements under the HIPAA Security Rule. OCR and ONC...


More Articles

CISA, International Partners Identify Top Routinely Exploited Vulnerabilities

by Sarai Rodriguez

A group of international cybersecurity authorities released a list of the top routinely exploited vulnerabilities of 2022, highlighting commonly overlooked vulnerabilities that organizations should...

Consumers More Concerned About Financial Data Compromise Than Healthcare Data Breaches

by Jill McKeon

Healthcare data breaches did not slow down in 2022, impacting more than 590 organizations and upwards of 48 million individuals. In fact, healthcare data breaches accounted for 22 percent of the...

Cloud Security Risk Management Among ECRI’s Top Health Tech Hazards This Year

by Jill McKeon

Cloud security concerns settled into the number five spot on ECRI’s list of “Top 10 Health Technology Hazards for 2023,” a report that the organization has released annually for the...

HC3 Explores Iranian Cyber Threat Landscape in Latest Brief

by Jill McKeon

The HHS Health Sector Cybersecurity Coordination Center (HC3) issued a detailed brief exploring the Iranian threat landscape and its implications for the US healthcare sector. Iranian threat actors...

Key Ways to Manage the Legal Risks of a Healthcare Data Breach

by Jill McKeon

Healthcare data breaches can result in data theft, reputational and financial losses, and most importantly, patient safety risks. But breaches also come with significant legal implications. Data shows that impacted patients’ lawyers...

CSA Issues Guidance on Third-Party Risk Management in Healthcare

by Jill McKeon

Drafted by the Health Information Management Working Group, the Cloud Security Alliance (CSA) released new guidance on third-party risk management in healthcare. Threat actors are increasingly using...

54% of CISOs Struggle to Convince Board to Prioritize Cybersecurity Investments

by Jill McKeon

Chief information security officers (CISOs) play a crucial role in advocating for cybersecurity investments and communicating risk to the board. Although significant progress has been made, 54 percent...

RSA Conference: H-ISAC, Microsoft, 30+ Others Sign Cyber Risk Management Pledge

by Jill McKeon

At the RSA Conference on Wednesday, cybersecurity experts announced that 37 companies and organizations from eight countries signed a cyber risk management pledge, promising to bolster cyber...

Zero-Day Exploits Reached All-Time High Last Year, Report Finds

by Jill McKeon

Mandiant Threat Intelligence observed a record number of zero-day exploits in 2021, its latest report revealed. The firm identified 80 exploited zero-days in 2021, compared to just 30 in 2020. Threat...

60% of Healthcare Orgs Say Third-Party Risk Management Needs Improvement

by Jill McKeon

An overwhelming majority of surveyed healthcare organizations said that their third-party risk management and compliance strategies were due for some improvements, a survey conducted by Kiteworks...

Healthcare Orgs Struggle With Software Supply Chain Risk Management Policies

by Jill McKeon

Despite increased attention toward supply chain security after the 2020 SolarWinds cyberattack, 74 percent of surveyed US healthcare organizations reported not having comprehensive software supply...

NIST Highlights Enterprise Patch Management in Latest Guidance

by Jill McKeon

The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) released final guidance regarding enterprise patch management to help organizations...

CISA Observes Increased Critical Infrastructure Ransomware Threats

by Jill McKeon

A joint advisory by cybersecurity authorities in the US, Australia, and the United Kingdom underscored increasing critical infrastructure ransomware threats that will likely continue to grow in the...

How to Effectively Communicate Healthcare Cyber Risks to C-Suite Execs

by Jill McKeon

Effectively communicating healthcare cyber risks to C-suite executives is crucial to securing the vital cybersecurity resources needed to combat the multitude of data breaches and cyberattacks that torment the healthcare sector daily. But...

Importance of API Security in Healthcare Grows as Cyberattacks Increase

by Jill McKeon

API security is essential to healthcare cybersecurity as threat actors increasingly turn to APIs as an easy network entry point. In 2019, Gartner predicted that API attacks would become the most common...

Ireland HSE Cyberattack is a Cautionary Tale For US Healthcare Orgs

by Jill McKeon

The Health Sector Cybersecurity Coordination Center (HC3) encouraged US healthcare organizations to learn from the large-scale May 2021 cyberattack against the Ireland Health Service Executive...

Cyber Insurance Does Not Replace Need For Cybersecurity Program

by Jill McKeon

According to the Government Accountability Office (GAO), cyber insurance sales increased from 26 percent in 2016 to 47 percent in 2020. The healthcare and education sectors accounted for a significant...

Adopting Defense In Depth Strategies to Combat Healthcare Cyberattacks

by Jill McKeon

The current cyber threat landscape calls for sophisticated defense in depth strategies that allow organizations to adapt and respond to healthcare cyberattacks and vulnerabilities. The National Institute of Standards and Technology (NIST)...

32% of Healthcare Organizations Have a Comprehensive Security Program

by Jill McKeon

Just 32 percent of surveyed acute and ambulatory care organizations had a comprehensive security program in 2021, according to the College of Healthcare Information Management Executives (CHIME)...