NIST Publishes National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework aka NICE Framework

August 8, 2017. The National Institute of Standards and Technology (NIST) has published with an August 2017 publication date NIST Special Publication (SP) 800-181: National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. The Abstract for this publication follows:

OCR Publishes Quick-Response Cyberattack Checklist and Graphic for Healthcare Covered Entities and Business Associates

June 12, 2017. The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) published on June 8, 2017 via its SecurityList “OCR Quick Response Cyber Attack Checklist and Graphic.” The Checklist is entitled: My entity just experienced a cyber-attack! What do we do now? – A Quick-Response Checklist from the HHS, Office for Civil Rights (OCR).

ICS-CERT of DHS Updates Guidance Resources to Help Healthcare Organizations Mitigate Cybersecurity Threat

May31, 2017. On May 30, 2017, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) of the Department of Homeland Security (DHS) released Update G: Indicators Associated with WannaCry Ransomware (ICS-Alert-17-135-01G) that was originally released on May 15, 2017. We provide highlights and excerpts below, and recommend that your organization download the document and sign up for alerts going forward.

Perfect Storm: Double Jeopardy Cyberattack and HIPAA Noncompliance Peril for Covered Entities and Business Associates

May 15, 2017. For healthcare covered entities and business associates that have not implemented HIPAA Privacy and Security Rules and the HITECH Act Breach Notification Rule, the current massive, global ransomware cyberattack targeting hundreds of thousands of organizations worldwide is a ‘perfect storm’ and a wake-up call.

WEDI Publishes Issue Brief on Growing Concern of Cybercrime in Healthcare

April 4, 2017. The Workgroup for Electronic Data Interchange (WEDI) has published an Issue Brief entitled: “The Rampant Growth of Cybercrime in Healthcare.” The timing of the WEDI release coincides with the Federal Bureau of Investigation (FBI) Cyber Division release of “Cyber Criminals Targeting FTP Servers to Compromise Protected Health Information,” which HIPAA Integrity® has discussed in several of its posts in the past week. Designed for “Education and Awareness Use Only,” the Issue Brief “explores some of the common vulnerabilities of healthcare organizations that are typically exploited by threat adversaries in today’s environment as well as best practices to mitigate these vulnerabilities.”

Take the Pew Research Center Cybersecurity Knowledge Quiz

April 4, 2017. In the past week, HIPAA Integrity® has posted several significant pieces on the importance of implementing and hardening cybersecurity perimeter defenses to deter and mitigate the consequences of the growing incidence of cyberattacks such as phishing and ransomware demands resulting in impermissible access, use, and disclosure of unsecured protected health information (PHI).

Essential Reading Follow-up: “Why the FBI alert is a wakeup call for healthcare organizations”

March 31, 2017. On March 22, 2017, the Cyber Division of the Federal Bureau of Investigation (FBI) issued a Private Industry Notification entitled: “Cyber Criminals Targeting FTP Servers to Compromise Protected Health Information [PHI].” FTP servers mean File Transfer Protocol servers, with “U(FTP) a protocol widely used to transfer data between network hosts.” “The anonymous extension of FTP allows a user to authenticate to the FTP server via common username such as ‘anonymous’ or ‘ftp’ without submitting a password or by submitting a generic password or e-mail address.” Access to such servers containing protected health information (PHI) potentially imperils such information for impermissible use or disclosure.

Time for Covered Entities and Business Associates to Harden Their Security Defenses

January 31, 2017. In recent posts on the HIPAA Integrity® Website, we have urged our readers and clients to invest in security and to harden access to their IT systems in order to minimize the likelihood of a privacy breach or security incident and the consequences thereof. We commend to your attention an excellent January 23, 2017, Modern Healthcare Special Report written by Adam Rubenfire and Joseph Conn entitled: “Building a Better Cyberdefense: How to harness technology to protect your organization and patients from the latest cyberthreats.”

NIST Publishes Document on Cybersecurity Incident Recovery of Critical Import for Healthcare Safeguard Planning

December 27, 2016. The National Institute of Standards and Technology (NIST) published in December a NIST Special Publication (SP) 800-184 entitled: Guide for Cybersecurity Event Recovery, an important resource for healthcare covered entities and business associates for risk mitigation planning.

HIPAA Integrity® Links Its Security Compliance Tools Via Crosswalk to Cybersecurity Framework and NIST SP 800-53-4

November 11, 2016. We have reported in earlier blog postings about the National Institute of Standards and Technology (NIST) September 15, 2016, Cybersecurity initiative entitled: NIST Releases Baldridge-Based Tool for Cybersecurity Excellence: Comments Sought on Draft Guide to Enhance Cybersecurity Framework (posted October 18, 2016) and the NIST intention to release in March 2017 a 5th Revision of the Special Publication (SP) 800-53, Revision 4 entitled: Security and Privacy Controls for Federal Information Systems and Organizations (posted November 8, 2016).



  • October 2017 (1)
  • August 2017 (3)
  • July 2017 (1)
  • June 2017 (7)
  • May 2017 (12)
  • April 2017 (10)
  • March 2017 (2)
  • February 2017 (3)
  • January 2017 (4)
  • December 2016 (4)
  • November 2016 (7)
  • October 2016 (7)
  • September 2016 (2)
  • August 2016 (1)
  • July 2016 (3)
  • June 2016 (1)
  • May 2016 (1)
  • April 2016 (8)
  • March 2016 (6)
  • February 2016 (2)
  • December 2015 (1)
  • November 2015 (1)
  • October 2015 (4)
  • September 2015 (1)
  • June 2015 (8)
  • May 2015 (3)
  • April 2015 (2)
  • March 2015 (1)
  • November 2014 (1)
  • September 2014 (15)
  • August 2014 (6)
  • July 2014 (1)
  • June 2014 (13)
  • May 2014 (11)
  • April 2014 (13)
  • March 2014 (6)
  • February 2014 (12)
  • January 2014 (3)
  • December 2013 (1)