Thursday, November 14, 2019
Home Blog

Failure to encrypt mobile devices results in $3 million HIPAA settlement

A US health system is forced to settle as a result of not encrypting mobile phones. Check out the source or the report here.

Photo by Yura Fresh on Unsplash

New HIPAA Security Risk Assessment Tool incorporates NIST framework

October 30, 2019 Release from OCR

In support of National Cyber Security Awareness Month (NCSAM), the Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) have released version 3.1 of the popular HHS Security Risk Assessment (SRA) Tool. This tool is designed to aid small and medium sized health care organizations in their efforts to assess security risks and help reduce the chance of being impacted by malware, ransomware, and other cyberattacks.

The current version of the SRA Tool includes functionality updates based on public input.  New features include:  

  • Threat and vulnerability validation;
  • Improved asset and vendor management (multi-select and delete functions added);
  • Incorporation of NIST Cybersecurity Framework references;
  • Capability to export the Detailed Report to Excel;
  • Addition of question flagging and a Flagged Report; and
  • Bug fixes and improved stability.

Download the SRA Tool and be sure to review the User Guide for tips on using this interactive tool. Questions? Email the Help Desk or view the materials and audio recording of the August 2019 SRA Tool webinar. ONC and OCR will continue to make improvements to the SRA Tool, so please reach out via the Health IT Feedback Form with suggestions.

Penetration Testers Arrested in Iowa Causing Controversy

Coalfire, a network penetration testing company, issued a press release regarding the arrest of their employees at an Iowa court house. The employees were authorized by the State of Iowa to perform penetration testing, but were arrested by local authorities after tripping a building alarm. This story is ongoing.

Coalfire press release here.