The Latest News on Security, Privacy & Compliance
There are several privacy, security and compliance topics making headlines and trending across the healthcare IT industry. For example, a new ransomware strain has emerged, the FDA plans to review medical device security, and we released a new infographic on insider threats. Read this month's newsletter to catch up on some of the latest headlines around the industry and at CynergisTek.
Why Crysis is Healthcare's Most Threatening Ransomware Yet

CynergisTek's Sr. Penetration Tester John Nye explains Crysis, a new strain of ransomware, in this blog post from Becker's Health IT & CIO Review. He details how the strain affects organizations' systems and whether or not a successful Crysis hit would be defined as a data breach.


Monitoring of Medical Device Security to Be Scrutinized

This article from GovInfoSecurity examines OIG's 2016 Mid-Year Work Plan, which includes assessing an FDA review of medical device security. In the article, CynergisTek's CEO Mac McMillan comments that the current state of medical device security is "embarrassing."


Effective Penetration Testing Methods and Frameworks

CynergisTek's John Nye recently wrote a blog post on several different penetration methods and frameworks. It includes information on "The Kill Chain" model, which will soon be integrated in our penetration testing processes.


Infographic: Insider Threats

We recently released a new infographic which details the growing threat of malicious and negligent insiders, which has been the root cause of several breaches resulting in monetary settlements and corrective actions plans after investigations by OCR.


Going On the Offensive in Healthcare Cybersecurity

CynergisTek's Mac McMillan wrote a blog post for HealthITSecurity that details several best practices CynergisTek recommends for healthcare organizations to use to defend against cyber attacks.


Free White Paper: Managing Third-Party Security and Privacy Risks

CynergisTek and Phreesia developed guidance on best practices that healthcare organizations can use to evaluate their third-party partners' privacy and security controls and risk management practices to ensure they are compliant with HIPAA rules. 


What is the Value of Having a Virtual Chief Information Security Officer (vCISO)?

In this article, one of our vCISO resources offers his first-hand insights into healthcare's lack of qualified cybersecurity personnel and details how a vCISO resource can help solve some of healthcare organizations' common security pain points.


Upcoming Educational Events
CynergisTek executives are speaking at several conferences and webinars in the next few months, including several CHIME LEAD Forums, FHIMA and NCHICA. CynergisTek is also providing several free HIPAA Privacy and Security Workshops across the nation. Click here for more details on all upcoming educational events.

Thank you for reading this month's newsletter. Email us if you would like to see additional topics addressed in the future.