In January 2025, the U.S. Department of Health and Human Services (HHS) introduced proposed updates to the HIPAA Security Rule, aiming to close security gaps and strengthen protections for electronic protected health information (ePHI). These changes come in response to an alarming rise in cyberattacks in the healthcare sector, where ransomware and data breaches have affected millions of patients and cost the industry billions of dollars.
Topics: Cybersecurity, HIPAA, Data Breach, Information Security, Data Security, Data Protection, healthcare, Passwords, Risk Assessment, Ransomware, MFA, Compliance, Policies & Procedures
How do you know if you have a solid cybersecurity program? You may have anti-virus installed and you change your computer password quarterly, but how do you know if your security program is truly effective? When you can’t see your gaps, it’s hard to make improvements and even harder to pick up the pieces after a security breach. That’s why cybersecurity consultants like ProCircular’s Andrew Chipman collect all the information they can, then measure your active security controls against their library of applicable standards.
Topics: HIPAA, Information Security, Data Protection, it risk assessment, DFARS, Manufacturing, risk
You’re sitting on your couch at home. It’s 8:00 on a Saturday night, and one of your interns emails you about a new security vulnerability he just heard about on the latest and greatest podcast. You know that this new vulnerability is going to be the first thing to come up during the water cooler talk Monday morning. It’s time for you, the great server admin, to take flight and protect your kin!
Topics: Cybersecurity, Network Security, HIPAA, Information Security, Data Security, cybersecurity plan
The reason we wear our seat belts is not to avoid getting a ticket from the police, but rather to avoid a potential injury in a car accident. This analogy is an easy way to describe the difference between box-checking security and real security, and it's instantly understood regardless of technical knowledge. This message resonates with executives because they typically prefer to “get to the point,” and correctly protecting their data is “the point” of cybersecurity.
Topics: HIPAA, Information Security, consumer security, Data Security, Data Protection, Vulnerability Assessment, it risk assessment, DFARS, cybersecurity plan, NIST
“What are the top 7 things you can do to protect your business from hackers?” Have you ever read a list like that on the internet? In the cybersecurity realm, they’re everywhere. I’ve even assembled and presented one of those lists to a group of business owners myself. They tend to point out things like user awareness training, patching and passwords. All noble things to get your arms around, of course, but are they useful to a client? Sometimes I feel as though those lists, as true as they are, are about as useful as telling a football team to “score touchdowns” or “guard the quarterback.” Yeah, I know that scoring touchdowns is good… but how?
Topics: Cybersecurity, HIPAA, DDOS, it risk assessment, cybersecurity plan, NIST