The core HIPAA Privacy and Security Rules were written in a very different era, before cloud computing, large-scale data exchange, and ransomware became a systemic risk to healthcare. While there have been updates to address the digital age (namely, HITECH), there are still gaps in HIPAA’s approach to distributed cloud systems.  

The latest round of HIPAA updates, including proposed updates to both the Privacy Rule and the Security Rule, represents the most consequential modernization effort since the launch of HITECH. 

Read More

As regulatory scrutiny is increasing, customers are more demanding, and security failures carry reputational and financial consequences that far outweigh the cost of prevention. In response, Managed Service Providers are redefining their role. Instead of offering compliance as a one-off consulting engagement, they are transforming it into a repeatable, scalable managed service.

This is an evolution in how organizations focus on governance, risk, and trust. Here, we’re covering how MSPs can think of this new compliance landscape. 

Read More

CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs) reflect the federal government’s effort to raise the baseline for basic cybersecurity effectiveness. CPG 2.0 breaks away from the idea of a strict framework, instead establishing a strategic, outcome-driven baseline for cybersecurity performance that cuts across industries, operating environments, and organizational maturity levels.

For CISOs, CIOs, and compliance officers, the value of CPG 2.0 lies in its reframing of cybersecurity as a set of measurable performance expectations anchored in governance and risk management.

Read More