Congratulations to tw-Security—2024 Best in KLAS® Security & Privacy Services!

We're #1! Thank you to all our partners and customers!

NFL Players’ Medical Information Stolen

NFL Players’ Medical Information Stolen, But Laptop Theft Incident Likely Not Covered Under HIPAA Keith Fricke, principal consultant at consultancy tw-Security, says that having a laptop password-protected, but not encrypted, “gives a false sense of security” because passwords can be cracked or circumvented. “It’s akin to locking the windows and doors to a house, but […]

Read More

Analysis: HHS Precision Medicine Security Framework

Is It Enough to Safeguard Sensitive Patient Data? Some security experts say the disclosure and release of genetic data to patients – including data slated for use in medical research – also poses other potential concerns. “I would think for liability reasons a covered entity may want to withhold the release of genetic information. What […]

Read More

Ransomware: Healthcare Fights Back

Regulator, Lawmakers Mull New Steps to Protect Targeted Entities … “It is out of character for criminals behind ransomware to operate in this manner, based on what we’ve all seen since ransomware started,” says Keith Fricke, a principle consultant at consultancy tw-Security. “Criminals invest time and money in their ransomware and want a return on […]

Read More

Hacker Attacks in Healthcare: What’s Changed in 2016 So Far?

Hacks Are Still Common, But Fewer Patients Affected … Commenting on the apparent shift to smaller organizations being targeted for hacker attacks this year, Mark Dill, principal consultant at consultancy tw-Security, and former long-time CISO at the Cleveland Clinic notes: “Larger organizations – those most likely to have access to ‘mega’ amounts of data – […]

Read More

Transcribed Medical Records Exposed on the Web

Experts Offer Insights on How to Avoid Similar Security Blunders …”Due to changes and upgrades to systems, a system that is secure today could become vulnerable with the next change – thus the need to repeat the vulnerability scan periodically,” says Mark Dill, former longtime CISO at the Cleveland Clinic who is now a principal […]

Read More

Medicare’s New Physician Payment Plan: Impact on Security

Analyzing Proposal to End Part of HITECH Act’s EHR Incentive Program … Issues surrounding information blocking are often “subjective” and that could make enforcement by regulators difficult, says Tom Walsh, founder of security consulting firm, tw-Security. “Certain security controls may cause some unintentional consequences,” he notes. “For example, accidentally blocking a legitimate inbound or outbound […]

Read More

Anthem Breach: Lessons One Year Later

What Others Can Learn About Breach Prevention, Detection and Response … Organizations need to be far more aggressive in educating their workforce to recognize phishing schemes and implementing technical controls aimed at stopping phishing emails from penetrating their network perimeter, says Tom Walsh, founder of the security consulting firm tw-Security. “It only takes one phishing email […]

Read More

Hollywood Hospital Pays Ransom to Unlock Data

9 Steps to Take to Avoid Being the Next Extortion Victim To defend against ransomware attacks, it’s important to take a multi-pronged approach, says Mark Dill, principle consultant of consulting firm tw-Security and former long-time CISO at the Cleveland Clinic. “You can only attack this problem in a layered way – no one single fix […]

Read More

Hard Drives Lost, Affecting Nearly 1 Million

Incident Raises Issues About Encryption, Inventory Tracking The Centene incident shines a spotlight on the difficulties related to tracking IT inventory, says Tom Walsh, founder of security consulting firm tw-Security. “While the HIPAA Security Rule has an implementation specification of ‘accountability’ under the standard of ‘device and media controls,’ maintaining an accurate inventory and tracking […]

Read More

If EHR Incentive Program Ending, What’s Next?

Sizing Up Impact a New Regulatory Approach Will Have on Privacy, Security Unfortunately, some smaller provider organizations’ interest in conducting a risk assessment has been fueled only by qualifying for meaningful use incentive dollars, says Tom Walsh, founder of consulting firm tw-Security. “We see smaller providers that struggle every day just to keep their doors […]

Read More