NIST – TIPS

HHS Releases Voluntary Cybersecurity Practices, Supplementing Existing Requirements

January 15, 2019
By: Peter McLaughlin

At the close of 2018, the Department of Health and Human Services (HHS) published Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients. While not formally styled as guidance or interpretive material, when the primary regulator of patient and health data protection offers “suggestions,” those subject to HIPAA had better pay attention. Beyond highlighting common threats to the protection of patient data, the HICP encompasses two supplemental technical volumes centering on small organizations and medium and large organizations. Background Healthcare and life sciences organizations (particularly… more

Should You Go “All In” with the Cloud? (And How to Manage That Risk)

December 11, 2018
By: Peter McLaughlin

While references to “the cloud” and “cloud computing” are significantly more familiar than they were five years ago, it remains clear that many organizations implement cloud resources ineffectively – or at least do not understand the implications of the shift. Some all-too-common lines of thinking: We’ve moved our applications to our cloud provider – what does that have to do with our software development life cycle?; Our cloud-platform provider is responsible for securing our applications and data; or We’ve outsourced that – and all the… more