HIPAA is a detailed and comprehensive set of regulations governing IT systems and data handling in the healthcare industry. As times change, so too has the language of HIPAA evolved to address those changes. One of these updates is the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. This law modernized HIPAA and directed entities in healthcare to adopt more modern, digital record keeping and security technologies. 

Here, we’ll cover some of the basics of HITECH and what it changed in the language of HIPAA. 

Read More

The document library of the NIST website can be daunting and seemingly endless in terms of the various frameworks, controls and requirements that it provides. The 800 series, in particular, while important and, in many cases, necessary, is also hard to penetrate if you don’t already have some knowledge of what it contains. This can challenge organizations working with the DoD supply chain, especially those handling classified or sensitive material. 

This article will cover one of these publications: NIST 800-171. This document defines security for a specific form of government information that many contractors under the executive or defense departments: CUI. While important, this document also informs several important security frameworks, namely CMMC.

Read More

According to federal prosecutors with the U.S. Navy, veteran Johnathan Toebbe, alongside his wife Diana Toebbe, attempted to sell sensitive information regarding Virginia-class submarines. This wouldn’t be the first time an insider threat led to a potential leak of crucial military information, but the fact that it has happened in 2021 indicates that even in 2021, mitigating insider threats is still a vital issue. 

This news should be abundantly clear that insider threats are still a significant problem in modern cybersecurity. Here we’ll discuss what insider threats are and what you can do to reduce or mitigate the dangers of these threats for your organization. 

Read More