Myth vs. Fact: Security Risk Analysis

Myth vs. Fact: Security Risk Analysis

As a company that handles protected health information (PHI), HIPAA requires you to analyze how you manage risks to your PHI. This is known as a security risk analysis (SRA). The U.S. Department of Health and Human Services says risk analyses are vital to HIPAA...
Phishing: Don’t Take the Bait

Phishing: Don’t Take the Bait

Because healthcare organizations hold a wealth of sensitive information, they’ve been prime targets of phishing attacks for years. In a 2018 report by Merlin International, 62% of respondents (healthcare organizations) had experienced a cyberattack in the last year,...
Does HIPAA Require Encryption?

Does HIPAA Require Encryption?

In 2012-2013, the University of Texas MD Anderson Cancer Center had three data breaches involving unencrypted devices. An unencrypted laptop had been stolen from an employee’s home, and they had lost two unencrypted USB thumb drives. These incidents compromised the...