No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
No Password Required Podcast: Chief Product Officer at ThreatLocker and Advocate of Buc-ee’s, Mascots, and Buc-ee Mascots
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
AI Talk With Juliana Neelbauer - Episode Two - Cybersecurity Insurance: The New Frontier of Risk Management
On-Demand Webinar: Bring Predictability to the Spiraling Cost of Cyber Incident Response Data Mining
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Unlock Privacy ROI: Why Making Cross-Functional Allies is Key
No Password Required: USF Cybercrime Professor, Former Federal Agent, and Vintage Computer Archivist
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
Monumental Win in Data Breach Class Action: A Case Study — The Consumer Finance Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Decoding Cyber Threats: Protecting Critical Infrastructure in a Digital World — Regulatory Oversight Podcast
Life With GDPR: Episode 104 – Solar Winds and Your Mother – Tell The Truth
No Password Required: American University’s Vice Provost for Research and Innovation and a Tracker of (Cyber) Unicorns
Snooping Sadia Talks to Former Official Gene Fishel — Unauthorized Access Podcast
Life With GDPR: Critical Perspectives on Big Law Firm Cybersecurity
In the first five months of 2025, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced it had entered into ten Health Insurance Portability and Accountability Act (HIPAA) resolution...more
Following the Office for Civil Rights (OCR) recent publication of four settlements as part of a new Risk Analysis Audit Initiative. We explore the current regulatory language for Risk Analysis, the proposed language for Risk...more
As Cyberattacks targeting the health care sector have continued to intensify over the past year, including ransomware attacks that have resulted in major data breaches impacting health care organizations, the protection of...more
The HIPAA Security Rule may soon undergo a big overhaul that would better defend healthcare data from cybersecurity threats – and require much more from covered entities when it comes to establishing and maintaining defenses....more
Virtually all organizations have an obligation to safeguard their personal data against unauthorized access or use, and, in some instances, to notify affected individuals in the event such access or use occurs. Those...more
Report on Patient Privacy 23, no. 10 (October, 2023) By 2016, it should have been clear to HIPAA covered entities that a security risk analysis—and corresponding risk management plan—were compliance basics. Yet, a new...more
Looking for compliance education and networking in your area? HCCA’s Regional Healthcare Compliance Conferences offer practitioners convenient, local compliance education, including updates on the latest news in regulatory...more
When can a data breach get worse? When the process of notifying victims creates a second breach. Take the example of a cancer treatment center that recently paid $425,000 to settle allegations that included a faulty...more
On December 6, 2021, in the Memorandum for the Heads of Executive Departments and Agencies, the Office of Management and Budget took a more aggressive position on strengthening the nation’s cybersecurity posture. Under this...more
Healthcare risk doesn’t stop at the facility’s door. Covered entities have countless business associates (BA), each of which poses risks of its own. That, in and of itself, is a challenge, but Gerry Blass, President and CEO...more
Please join us for our annual healthcare compliance seminar to discuss current developments in healthcare regulation and hospital compliance... Registrants will have the option of selecting the sessions they would like to...more
The Compliance Institute is celebrating 25 years! Join us for the Compliance Institute's 25th anniversary, April 19-22, 2021. This year, HCCA is excited to celebrate over two decades of compliance excellence with our...more
Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more
In the top three of the list of highly sensitive personal data to be concerned about is our medical information. It’s so sensitive because it is so personal. It used to be that our medical information was located in paper...more
From the recent headline-grabbing attacks on hospitals and municipalities, the specter of cybersecurity threats looms large. As a result, spending on cybersecurity initiatives is expected to reach $96 billion this year....more
In its November newsletter, the Office for Civil Rights (OCR) made a great point that we are seeing in the industry—the risks associated with previous employees. According to its newsletter, entitled “Insider Threats and...more
Effective March 1, 2017, the New York State Department of Financial Services promulgated regulations to help protect against cybercriminals and their efforts to exploit sensitive electronic data. These cybersecurity...more
HHS OCR issues checklist, iterative guidance in wake of WannaCry and Petya attacks; Anthem breach settlement provides additional lessons. Key Points: ..Healthcare organizations are particularly vulnerable to ransomware...more
Cybersecurity has increasingly moved into the spotlight in recent years, with regulators and financial firms alike clambering to keep pace with rapidly changing demands as threats continue to evolve....more
We can learn some valuable lessons about compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) from settlements that are announced by the U.S. Department of Health and Human Services, Office...more
A covered entity will need to arrange for someone to perform the CISO function, dedicate resources to conduct periodic risk assessments, develop and implement policies and procedures, and retain appropriate personnel and...more
As we previously reported, in December 2016 the New York Department of Financial Services (the “DFS”) announced that it was revising its proposed regulation that would require banks, insurance companies and other financial...more