Tuesday, November 12, 2019

New HIPAA Security Risk Assessment Tool incorporates NIST framework

October 30, 2019 Release from OCR

In support of National Cyber Security Awareness Month (NCSAM), the Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) have released version 3.1 of the popular HHS Security Risk Assessment (SRA) Tool. This tool is designed to aid small and medium-sized health care organizations in their efforts to assess security risks and help reduce the chance of being impacted by malware, ransomware, and other cyberattacks.

The current version of the SRA Tool includes functionality updates based on public input. New features include:

  • Threat and vulnerability validation;
  • Improved asset and vendor management (multi-select and delete functions added);
  • Incorporation of NIST Cybersecurity Framework references;
  • Capability to export the Detailed Report to Excel;
  • Addition of question flagging and a Flagged Report; and
  • Bug fixes and improved stability.

Download the SRA Tool and be sure to review the User Guide for tips on using this interactive tool. Questions? Email the Help Desk or view the materials and audio recording of the August 2019 SRA Tool webinar. ONC and OCR will continue to make improvements to the SRA Tool, so please reach out via the Health IT Feedback Form with suggestions.

Penetration Testers Arrested in Iowa Causing Controversy

Coalfire, a network penetration testing company, issued a press release regarding the arrest of its employees at an Iowa courthouse. The employees were authorized by the State of Iowa to perform penetration testing, but were arrested by local authorities after tripping a building alarm. This story is ongoing.

Coalfire press release here.

Hackers finding ways to exploit automotive software to overtake cars via Tech Republic

This is not news to those who attend hacker cons, but it is important for car makers and auto suppliers to take cyber security seriously.

Check out the article here or at the source.

ARMA International & NetGovern to Launch Definitive Benchmarking of Information Governance Programs via ARMA

Right before the conference, ARMA announced a new benchmarking initiative for IG programs with NetGovern.

Read the announcement on ARMA or PRNewswire.