Congratulations to tw-Security—2024 Best in KLAS® Security & Privacy Services!

We're #1! Thank you to all our partners and customers!

Medicare’s New Physician Payment Plan: Impact on Security

Analyzing Proposal to End Part of HITECH Act’s EHR Incentive Program … Issues surrounding information blocking are often “subjective” and that could make enforcement by regulators difficult, says Tom Walsh, founder of security consulting firm, tw-Security. “Certain security controls may cause some unintentional consequences,” he notes. “For example, accidentally blocking a legitimate inbound or outbound […]

Read More

Anthem Breach: Lessons One Year Later

What Others Can Learn About Breach Prevention, Detection and Response … Organizations need to be far more aggressive in educating their workforce to recognize phishing schemes and implementing technical controls aimed at stopping phishing emails from penetrating their network perimeter, says Tom Walsh, founder of the security consulting firm tw-Security. “It only takes one phishing email […]

Read More

Hollywood Hospital Pays Ransom to Unlock Data

9 Steps to Take to Avoid Being the Next Extortion Victim To defend against ransomware attacks, it’s important to take a multi-pronged approach, says Mark Dill, principle consultant of consulting firm tw-Security and former long-time CISO at the Cleveland Clinic. “You can only attack this problem in a layered way – no one single fix […]

Read More

Hard Drives Lost, Affecting Nearly 1 Million

Incident Raises Issues About Encryption, Inventory Tracking The Centene incident shines a spotlight on the difficulties related to tracking IT inventory, says Tom Walsh, founder of security consulting firm tw-Security. “While the HIPAA Security Rule has an implementation specification of ‘accountability’ under the standard of ‘device and media controls,’ maintaining an accurate inventory and tracking […]

Read More

If EHR Incentive Program Ending, What’s Next?

Sizing Up Impact a New Regulatory Approach Will Have on Privacy, Security Unfortunately, some smaller provider organizations’ interest in conducting a risk assessment has been fueled only by qualifying for meaningful use incentive dollars, says Tom Walsh, founder of consulting firm tw-Security. “We see smaller providers that struggle every day just to keep their doors […]

Read More

Email Breaches Lead to ‘Wall of Shame’

Recent Health Data Incidents Spotlight Common Security Challenges “Phishing is definitely a top problem that doesn’t always get the attention it deserves,” says Mark Dill, who joined consulting firm tw-Security earlier this month from the Cleveland Clinic, where he served as director of information security for 15 years. For instance, the Verizon Data Breach Investigation […]

Read More

Clinic Breach Involved Authorized User

Experts Offer Insights on Preventing Insider Incidents … The incident at Children’s Medical Clinics of East Texas spotlights some of the challenges involved with preventing breaches involving authorized users, says Tom Walsh, founder of the consulting firm tw-Security. “In this case, it is extremely difficult to prevent an authorized user from snooping or accessing patient […]

Read More

Texas Mental Health Center Hacked

Data on More Than 11,000 Patients Exposed While EHN says it doesn’t believe medical record information was exposed in the cyberattack, the fact that the exposed data included names of patients seeking mental health services presents a serious privacy concern for affected individuals, says Tom Walsh, founder of consulting firm tw-Security. “Any privacy breach is worrisome. However, […]

Read More

Analyzing ONC’s Interoperability Roadmap

10-Year Plan Shines Spotlights Privacy, Security Challenges … Security expert Keith Fricke, principal consultant at security consulting firm tw-Security describes the document as “a very good start in defining where things need to head,” but sees room for improvement. “A few areas of the roadmap were disappointing or concerning,” he says. “The roadmap sets expectations […]

Read More

Risk Analysis, Encryption Stressed in HITECH Act Final Rules

A Close Look at Guidelines for Safeguarding Patient Data … To guide healthcare providers, including smaller doctors’ offices, in conducting the Stage 3 risk analysis, the rule makes note of free tools and resources available to assist providers, including a Security Risk Assessment Tool developed by ONC and OCR. But the use of that tool is […]

Read More