• 31 Aug 2017

    HIPAA and data encryption – what you need to know

    When I co-wrote the first edition of the book The Practical Guide to HIPAA Privacy and Security Compliance, both HIPAA and data encryption were a big deal. Fast forward nearly 15 years and they're still a big deal, yet many people are still struggling with both. If you're looking for some insight/guidance on HIPAA compliance, data encryption, or security intelligence in today's business environment, here are a few new pieces that ...

    Continue Reading...
  • 26 May 2017

    From web to mobile to connected cars – here are some application security resources you need to check out

    Given all of the variables and complexities associated with information security, I still believe that application security is the biggest weakness in most organizations and the one area where we can truly effect the greatest change. Here are some pieces that I have written recently regarding web and mobile app security that you might enjoy:Identifying and addressing overlooked web security vulnerabilitiesWhat the end of hot patching mobile apps means for ...

    Continue Reading...
  • 19 Jan 2017

    Children’s Hospital Los Angeles breach reminds us that HIPAA means nothing if you ignore its requirements

    Back in 2007 I wrote a blog post on what's it going to take to encrypt laptop hard drives. After seeing this recent story about Children's Hospital Los Angeles, I can't help but shake my head.The 0 comments on this article says a lot as society is becoming immune to these breaches...I think I've heard it called breach fatigue - it's not unlike presidential politics as of late! In 2007, these ...

    Continue Reading...
  • 23 Jun 2015

    HIPAA Security Rule compliance tips, advice, and resources

    There's a lot going on in the world of healthcare, including HIPAA compliance. This applies not only to healthcare providers, insurance companies, and the like but also any business and subcontractor that does business in this space.If you or someone you know falls under this umbrella, here are a few things I've written over the past several months that can help: What Security Professionals Need to Know about HIPAA‘Yes, HIPAA ...

    Continue Reading...
  • 19 Sep 2014

    Resources to get up to speed with the latest HIPAA security requirements

    Check out the newly-revised second edition of the book I just finished co-authoring with Rebecca Herold that's due out October 21st: Be sure to check out my other IT security compliance resources on my website. Enjoy!...

    Continue Reading...
  • 28 Jan 2014

    My latest security content impacting everyone from CIOs to project managers to those who are “going green”

    I thought you might be interested in these recent information security articles and webcasts I've written and recorded:Information security project considerations for project managersThe information security basics your organization should already knowHow VARs can help customers securely discard e-waste Regulatory compliance requirements for security solutions providersKeeping resilientExtending HIPAA Compliance from Electronic Health Records to Document and Data TransmissionsInformation Technology and Business Continuity – Filling the gaps to protect your businessBe ...

    Continue Reading...
  • 08 Apr 2012

    Disk encryption for HIPAA + HITECH & why BitLocker may not be the solution

    I'm finally back in the swing of things after taking some time off for Spring Break. I hope you're enjoying your Spring as well.Here are two articles I've recently written about full disk encryption...arguably the greatest missing link in any given business's information security program.Things you need to think about regarding disk encryption and data protection for HIPAA and HITECHBitLocker’s improvements leave gaps to be aware ofEnjoy!As always, be sure ...

    Continue Reading...
  • 07 Dec 2011

    BitLocker, Passware…heads in sand everywhere!

    Three times in the past three weeks. That's how many conversations I've had people who have blown off any sort of technical or operational weaknesses associated with Microsoft BitLocker when using it as an enterprise full disk encryption solution. They're well-documented. I highlighted these issues in my recent whitepaper The Hidden Costs of Microsoft BitLocker as well.I've said it before and I'll continue saying it: I've sung the praises of ...

    Continue Reading...
  • 09 Nov 2011

    Wooo…HIPAA audits are coming & the irony of KPMG’s involvement

    I've always believed that compliance is a threat to business [hence why I help businesses take the pain out of compliance by addressing their actual information security issues] and this new bit from HHS's Office of Civil Rights is no different. Apparently the HIPAA audits are coming...KPMG - an audit firm that has already proven they have trouble implementing the basic security controls they audit others against - scored a ...

    Continue Reading...
  • 12 Jul 2011

    How smartphones can make us look dumb

    Not long ago I heard a gentleman speaking with radio show host Clark Howard about a phone he purchased online. He said it had all sorts of personal information belonging to the previous owner including her healthcare records. Ouch.If I understood the caller correctly it sounded like this personal information was sent to the previous owner by her doctor. A doctor who I'm sure is HIPAA compliant...after all, as most ...

    Continue Reading...