web analytics

How Mega Attacks Are Spotlighting Critical 3rd-Party Risks – Source: www.databreachtoday.com

how-mega-attacks-are-spotlighting-critical-3rd-party-risks-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

3rd Party Risk Management
,
Governance & Risk Management
,
Healthcare

Regulatory Attorney Rachel Rose on Top Concerns for Healthcare Security

Andrew Koh
September 18, 2024    
20 Minutes   

How Mega Attacks Are Spotlighting Critical 3rd-Party Risks

Rachel Rose, regulatory attorney

Recent mega data breaches involving third-party vendors – such as the Change Healthcare cyberattack – are intensifying the spotlight on critical security risk management and governance issues for business associates and other suppliers, said regulatory attorney Rachel Rose.

When it comes to the impact of cyberattacks on third-party suppliers, “I look at it as a hub and spoke. And the trend that’s very apparent to me is that cybercriminals are going for an entity that has a lot of spokes that extend into a variety of different organizations,” Rose said.

“So, instead of targeting one hospital, they are going for a Change Healthcare or a SolarWinds that has a lot of healthcare clients, for example, as well as government, financial, defense,” she said.

“What this underscores for me from a compliance standpoint is making sure that covered entities and business associates do adequate due diligence and really appreciate what they are attesting to in their business associate agreement.”

The first part of any business associate agreement requires the parties to affirmatively state that they are aware of their obligations under federal regulations such as HIPAA and the HITECH Act, as well as relevant state laws, she said. “So, ensuring again that you’re doing adequate due diligence and that you’re not attesting to something that you know to be false” is crucial, she said. “It can come up later on, especially in the event of a post-breach scenario.”

In this audio interview with Information Security Media Group (see audio link below photo), Rose also discussed:

  • What healthcare-related organizations should consider when using online tracking tools;
  • How to comply with HHS’ information blocking regulations, HIPAA and various state laws that require healthcare sector firms to provide patients with access to their requested health records in the format of their choosing;
  • How HHS’ cybersecurity performance goals map to the HIPAA Security Rule;
  • Areas in which HHS’ HIPAA enforcement focus could potentially shift depending on the outcome of the 2024 U.S. presidential election.

Rose, licensed in Texas, is a fellow of the Federal Bar Association and serves as a director on the FBA’s national board. She is a member of and the immediate past chair of the Federal Bar Association’s Government Relations Committee and an advisory board member of its Qui Tam Section.


Original Post url: https://www.databreachtoday.com/interviews/how-mega-attacks-are-spotlighting-critical-3rd-party-risks-i-5418

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Apress
Jump-start Your SOC Analyst Career – A Roadmap to Cybersecurity Success by Apress
Jump-start Your SOC Analyst Career...
NIST
Digital Forensics and Incident Response (DFIR) Framework for Operational Technology (OT) by NIST – Eran Salfati and Michael Pease
Digital Forensics and Incident Response...
CISO2CISO Notepad Series
How Can We Structure Cybersecurity Teams To Better Integrate Security In Agile At Scale?
How Can We Structure Cybersecurity...
OCCUPYTHEWEB
Linux Basics for Hackers by Occupytheweb
Linux Basics for Hackers by...
Practical DevSecOps
API Security Fundamentals – Your Handy Guide to Building an Unhackable System by practical-devsecops.com
API Security Fundamentals – Your...
Think Big Blog
Top 10 TED Talks to Learn about Cyber Security
Top 10 TED Talks to...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

ACN
Guidelines for secure AI system development
Guidelines for secure AI system...
Incibe
Ciberseguridad en Smart Toys
Ciberseguridad en Smart Toys
Flashpoint
Global Threat Intelligence Report
Global Threat Intelligence Report
HSBC
A new payments paradigm
A new payments paradigm
WORLD BANK GROUP
Global Cybersecurity Capacity Program
Global Cybersecurity Capacity Program
Gary Hinson
Getting started withsecurity metrics
Getting started withsecurity metrics
EDPS
Generative AI and the EUDPR.
Generative AI and the EUDPR.
Bright
2024 Guide to Application Security Testing Tools
2024 Guide to Application Security...
HADESS
Hacker Culture
Hacker Culture
Quuensland Govermment
RISK ASSESSMENT PROCESS HANDBOOK
RISK ASSESSMENT PROCESS HANDBOOK
Ministry of MOS Security
HIPAA SIMPLIFIED
HIPAA SIMPLIFIED
Hacker Combat
How Are Passwords Cracked?
How Are Passwords Cracked?

More Latest Published Posts

IGNITE Technologies
A Detailed Guide on Covenant
A Detailed Guide on Covenant
NIST
Computer Security Incident Handling Guide
Computer Security Incident Handling Guide
IGNITE Technologies
DIGITAL FORENSIC FTK IMAGER
DIGITAL FORENSIC FTK IMAGER
Accedere
Cloud Security Assessment
Cloud Security Assessment
YL VENTURES
CISO Reporting Landscape 2024
CISO Reporting Landscape 2024
CISO Edition
Reporting Cyber Risk to Boards
Reporting Cyber Risk to Boards
CIOB
CIOB Artificial Intelligence (AI) Playbook 2024
CIOB Artificial Intelligence (AI) Playbook 2024
INCIBE & SPAIN GOVERNMENT
Nuevas normativas de 2024 de ciberseguridad para vehículos
Nuevas normativas de 2024 de ciberseguridad para vehículos
INNOVERY
RESILIENCIA
RESILIENCIA
CEH
Certifications Preparation Guide
Certifications Preparation Guide
Sandhya Kaushik
Checklist for Securing Your Android Apps
Checklist for Securing Your Android Apps
aDvens
May Cyber Threat Intelligence monthly report
May Cyber Threat Intelligence monthly report
Insikt Group
Caught in the Net
Caught in the Net
IGNITE Technologies
BURP SUITE FOR PENTESTER TURBO INTRUDER
BURP SUITE FOR PENTESTER TURBO INTRUDER
SYED ABUTHAHIR
BUG BOUNTY AUTOMATION WITH PYTHON
BUG BOUNTY AUTOMATION WITH PYTHON
Foresiet
Brand Impersonation Attacks
Brand Impersonation Attacks
Google Cloud
Board of Directors Handbook for Cloud Risk Governance
Board of Directors Handbook for Cloud Risk Governance
ISACA
Blueprint for Ransomware Defense
Blueprint for Ransomware Defense
Shaurya Rawal
Blockchain Security
Blockchain Security
RISK academy
BEST RISK MANAGEMENT PROMPTS FOR CHATGPT
BEST RISK MANAGEMENT PROMPTS FOR CHATGPT
IGNITE Technologies
Best Alternative of Netcat
Best Alternative of Netcat
aws
AWS Security Incident Response Guide
AWS Security Incident Response Guide
DevSecOps Guide
Attacking Rust
Attacking Rust
DevSecOps Guide
Attacking Pipeline
Attacking Pipeline
DevSecOps Guide
Attacking Golang
Attacking Golang
HADESS
Assembly for Hackers
Assembly for Hackers
BIONIC
Application Security Posture Management
Application Security Posture Management
Wallarm
API ThreatStatsTM Report
API ThreatStatsTM Report