24By7Security Blog Get the latest news in cybersecurity, compliance and more from 24By7Security.
- HIPAA Security Rule Compliance Urged by OCR, by sanjay.deo@24by7security.com (Sanjay Deo) on October 29, 2024 at 12:00 pm
HIPAA Security Rule Compliance Urged by OCR to Reduce Vulnerability to Hacking and Ransomware
Office for Civil Rights warns healthcare providers, business associates, insurers against perils of non-compliance
- PCI DSS 4.0.1 Update, by rema.deo@24by7security.com (Rema Deo) on October 15, 2024 at 4:29 pm
How the New v4.0.1 Changed PCI DSS 4.0 (and How it Didn’t)
Compliance with PCI Data Security Standard 4.0 is still mandatory by March 31, 2025!
- CMMC 2.0 Update, by sanjay.deo@24by7security.com (Sanjay Deo) on October 1, 2024 at 12:15 pm
CMMC 2.0 Compliance: Newly Updated Timeline for Defense Contractors, Subs, and Suppliers
If you handle Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) as part of your contractual work with the Department of Defense (DoD), you will be required to demonstrate compliance with the CMMC 2.0 cybersecurity framework in order to maintain your ability to bid on DoD work. This is Fact 1.
- DORA Compliance is Mandatory on January 17, 2025 – Are You Ready?, by sanjay.deo@24by7security.com (Sanjay Deo) on September 17, 2024 at 12:00 pm
New cybersecurity requirements affect financial firms doing business in Europe plus IT and comm tech providers who serve them from U.S. and elsewhere
The Digital Operational Resilience Act (DORA), also known as EU 2022/2554, took initial effect January 16, 2023, and allowed two years for firms to comply. Full DORA compliance becomes mandatory on January 17, 2025, just four months from now. Are you ready?
- HITRUST Preparedness, by sanjay.deo@24by7security.com (Sanjay Deo) on September 3, 2024 at 12:00 pm
Preparing for HITRUST Certification
Here’s how to do it, why you should, and two checklists to help you succeed
The most effective way to meet the relentless challenges of the digital age is through a robust cybersecurity and regulatory compliance program. Several cybersecurity frameworks have been developed over time as roadmaps toward this goal and one, arguably, has become the gold standard.
- New Ransomware Survey Results, by sanjay.deo@24by7security.com (Sanjay Deo) on August 20, 2024 at 12:00 pm
Latest Survey Spotlights Top Causes of Ransomware
Unpatched vulnerabilities, phishing/malicious emails, and stolen credentials are leading causes of ransomware
The latest ransomware survey confirms what previous surveys and studies have shown: that the leading causes of ransomware remain unchanged in recent years. In addition to revealing more about the root causes, the survey conducted by Sophos in January and February 2024 and released in April offers new insights into the size of ransom demands, who pays the ransoms, and how much they pay. Still, the important lessons lie in the root causes of ransomware, for those smart enough to learn from them.
- Synthetic Identity Fraud and Its Very Real Impact on Business, by rema.deo@24by7security.com (Rema Deo) on August 6, 2024 at 12:00 pm
This Emerging Cybercrime Hurts Everyone It Touches
Synthetic identity fraud is a crime. It is either a felony or misdemeanor depending on its scale and financial impact. In this emerging form of fraud, a cybercriminal combines stolen information, such as an actual Social Security number, with other data that may be a mix of real and invented information, such as name, date of birth, address, and social media handles. The result of this forged alliance is a fake or synthetic identity that can then be used to commit acts of financial fraud. Synthetic identities are effective because they appear to be real and legitimate.
- Revenue Cycle Management Security: Why It’s a Problem, and How It Can Be Solved, by rema.deo@24by7security.com (Rema Deo) on July 23, 2024 at 12:15 pm
Healthcare business associates who provide revenue cycle management services are vulnerable to cyber attack
Vendors who provide revenue cycle management services to hospitals, medical centers, and other healthcare providers continue to be vulnerable to hacking, ransomware schemes, and other cybersecurity issues. Not only do their vulnerabilities put patient data at risk, they can also have downstream effects on other vendors in the healthcare supply chain.
- The Gist of NIST CSF 2.0, by sanjay.deo@24by7security.com (Sanjay Deo) on July 9, 2024 at 12:15 pm
The Gist of NIST CSF 2.0 is Simplicity: Easy to Understand Framework, Step by Step Instructions
NIST CSF 2.0 is a maturity model that indicates how well-developed your cybersecurity program is today, and what improvements are required
A recent 24By7Security survey, conducted during the Gist of NIST CSF 2.0 webinar on June 27, 2024, revealed that 25% of IT and cybersecurity professionals were not aware of the new NIST CSF 2.0 requirements, with another 15% not sure. The good news is that 60% of respondents admit having at least a working familiarity with the new Cybersecurity Framework which was released by the National Institute of Standards and Technology (NIST) on February 26, 2024.
- Understanding the New HIPAA Privacy Rule for Reproductive Health Care Privacy, by rema.deo@24by7security.com (Rema Deo) on June 28, 2024 at 7:51 pm
Introduction
The recent amendment to the HIPAA Privacy Rule by the U.S. Department of Health and Human Services (HHS) represents a significant development in the protection of reproductive health care privacy. This update addresses the evolving legal and public concerns following the overturning of Roe v. Wade, which has introduced new challenges and considerations for both healthcare providers and patients.
Public Engagement and Feedback
When the proposed modifications to the HIPAA Privacy Rule were announced, they garnered significant public interest, resulting in nearly 30,000 comments from a diverse range of stakeholders, including healthcare providers, patient advocacy groups, legal experts, and private citizens. This extensive feedback underscores the critical nature of reproductive health care privacy and reflects widespread concern about the management and protection of reproductive health information in the current political and social context.