Any organization in the healthcare industry knows that cybersecurity is a critical component of doing business. So much so, in fact, that any enterprise handling protected health information (PHI) must implement and maintain strict cybersecurity and privacy controls to protect patient data from unauthorized disclosure. 

However, understanding that HIPAA is a requirement for operation doesn’t necessarily make compliance or effective cybersecurity much easier to implement. That’s why an initiative conceived by government agencies, known as the Health Industry Cybersecurity Practices (HICP), was put into action to align security along with government and industry best practices. 

Read More

Over the past few weeks, we’ve discussed what it means to consider risk as part of an overall compliance strategy. We’ve emphasized throughout that risk doesn’t have to be an abstract pursuit–it can be a comprehensive part of compliance and security that uses the realities of regulations and frameworks to drive decision-making (and vice-versa). 

One of the approaches to risk and compliance that many organizations are seeing pop up in regulations is the concept of “maturity.” Maturity can mean a lot of different things, depending on the context. 

Read More

We’ve discussed risk management and its complexity–what goes into it, what frameworks you can use, and how different forms of analysis and visualization can help you assess it effectively. 

But let’s pump the brakes a little. Have you thought about what to do about your risk profile? Do you know how to approach risk as a problem that needs a solution?

Here, we will discuss the four types of risk management approaches that enterprises use to address and navigate their cybersecurity risk.

Read More