August 16, 2017. On August 15, 2017, the National Institute of Standards and Technology (NIST) announced publication of the Draft Fifth Revision of NIST Special Publication (SP) 800-53 in a news release entitled: “NIST Crafts Next-Generation Safeguards for Information Systems and the Internet of Things.” NIST encourages public comment on Draft NIST SP 800-53-5 during the comment period of August 15-September 12, 2017, with comments sent via email by September 12, 2017, to: sec-cert@NIST.gov, with the subject line: “’Comments on Draft SP 800-53 Rev.5.’”
August 9, 2017. The September 2017 issue of Consumer Reports has an article in the Ask Our Experts section entitled: “How do ransomware attacks work? And if one happens to me, should I pay?” Here is part of the excellent answer:
August 8, 2017. The National Institute of Standards and Technology (NIST) has published with an August 2017 publication date NIST Special Publication (SP) 800-181: National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. The Abstract for this publication follows:
July 27, 2017. The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has improved its breach portal for filing a Notice to the Secretary of HHS—Breach of Unsecured Protected Health Information, downloading a sample form showing Breach Portal Required Information for reporting a breach, listing Cases Currently Under Investigation that were reported in the past 24 months, and providing an archive of “all resolved breach reports and/or reports older than 24 months.” As of today, there are 350 cases under investigation and 1,659 cases in the archive that dates back to the required reporting date in September 2009.
June 27, 2017. The National Institute of Standards and Technology (NIST) released this month new Digital Identity Guidelines in a suite of four final documents in the Special Publication (SP) 800 series as SP 800-63-3. According to NIST, this suite of four documents covers “digital identity from initial risk assessment to deployment of federated identify solutions.” This suite is an outcome of a collaboration of stakeholders from government, industry, and academe, with the guidelines in the suite of documents describing “the risk management processes for selecting appropriate digital identity services and the details for implementing identity assurance, authenticator assurance, and federation assurance levels based on risk”.
June 13, 2017. On June7, 2017, the Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS) released a Report of an audit of incentive payments to eligible providers (EPs) for adoption and meaningful use of certified electronic health record technology, entitled: Medicare Paid Hundreds of Millions in Electronic Health Record Incentive Payments That Did Not Comply With Federal Requirements. The Report describes how the audit was conducted:
June 12, 2017. The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) published on June 8, 2017 via its SecurityList “OCR Quick Response Cyber Attack Checklist and Graphic.” The Checklist is entitled: My entity just experienced a cyber-attack! What do we do now? – A Quick-Response Checklist from the HHS, Office for Civil Rights (OCR).
June 6, 2017. On May 30, 2017, the Portland, OR office of the Federal Bureau of Investigation issued a news release entitled: FBI Tech Tuesday: Building a Digital Defense with an Email Fortress. The news release provides recommendations for your organization to harden its email system to prevent it from being a defenseless gateway for phishing attempts inducing your workforce members to execute malware on what appear to be legitimate email communications. We present below the recommendations, but recommend that your organization download the news release and circulate the news release with the FBI imprimatur in your organization to call attention to this important matter for foiling successful cyber phishing attempts to penetrate your organization’s information systems.
June 4, 2017. On June 2, 2017, the Centers for Medicare & Medicaid Services (CMS) released an update entitled: Emergency Preparedness Rule that revises certain downloadable Frequently Asked Questions (FAQs) pertaining to the September 16, 2016, Final Rule entitled: Medicare and Medicaid Programs; Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers published in the Federal Register. The preceding June 1, 2017, post describes the 17 providers and suppliers required to achieve compliance with the provisions of the Final Rule by November 15, 2017. Here are Questions (Q) and Answers (A) marked as “revised June 2017” in this update:
June 1, 2017. On September 16, 2016, the Centers for Medicare & Medicaid Services (CMS) published in the Federal Register the Final Rule entitled: “Medicare and Medicaid Programs; Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers.” Here is the Summary of the Final Rule, as published: