Help Me With HIPAA

Welcome to the 2024 Blooper Show, where we prove once again that even after nine years, perfection is overrated and laughter is mandatory! Big shoutout to Bojan, our long suffering audio engineer extraordinaire, who turns our chaos into coherence. And of course, we can’t forget you—our amazing listeners—who tune in each week, send us your thoughts and questions, and share the chaos with your friends. Cheers to you for making this madness worth it! More info at HelpMeWithHIPAA.com/2024blooper

Cybersecurity incidents can feel like a punch in the gut, but with the right plan, you can roll with the hits instead of flailing in panic. In this episode, we’re diving into executive strategies for tackling the unexpected, from building response teams to keeping business operations afloat when chaos strikes. Along the way, we also cover a recent corrective action plan that serves as a cautionary tale for getting your protocols in order before trouble comes knocking. This is your go-to guide for staying cool when the heat is on! More info at HelpMeWithHIPAA.com/488

Is your healthcare organization ready for a triple threat, or are you playing a risky game of cybersecurity roulette with delayed access, ransomware demands, and a missing incident response plan? Today, we explore three tales in healthcare that are equal parts cautionary and compelling. We kick things off with the Healthcare and Public Health Sector Coordinating Council’s shiny new cyber incident response checklist—aka your cheat sheet for keeping calm in the face of chaos. Then, we give you the juicy details of a hefty civil money penalty slapped on a healthcare entity for dragging their feet on providing patient records (spoiler alert: patience isn’t a virtue when it comes to HIPAA). Finally, we unravel the saga of a ransomware attack that not only encrypted data but also emptied some wallets. Whether you’re here to learn, laugh, or just feel better about your own compliance game, this episode’s got you covered. Buckle up, because the HIPAA ride is wild! More info at HelpMeWithHIPAA.com/487

Feeling thankful this season? Us too—especially when it comes to dodging data disasters! In this episode, Donna and David dive headfirst into some eyebrow-raising cybersecurity tales, from job application breaches exposing sensitive information to the ever-creepy risks of unsecured IoT devices (yes, even your vacuum might be plotting against you). Whether it’s researchers discovering unsecured data files or hackers turning robot vacuums into racially inappropriate terrors, we’re reminded to never take our digital safety for granted. Grab your popcorn (or an encrypted snack, if that’s a thing) and join us as we talk about what it means to truly be grateful for solid security practices this year. More info at HelpMeWithHIPAA.com/486

Doing a half-baked risk analysis is like locking your front door but leaving all the windows wide open. What’s the point?  Today, we dive into the first-ever Security Risk Assessment (SRA) violation settlement—a juicy topic for compliance nerds and healthcare pros alike. We’re talking ransomware, compliance checklists (the kind you actually need), and why a “kinda-sorta risk analysis” isn’t going to cut it with the OCR. Along the way, we’ll break down the $90K fine, the three-year corrective action plan, and what this means for everyone still winging their HIPAA risk assessments. Time to up your game folks! More info at HelpMeWithHIPAA.com/485

Buckle up for Part 2 of our breakdown on the HHS OCR NIST healthcare security conference - because, yes, 16 hours of deep dives into AI, HIPAA compliance, and cybersecurity priorities can’t be tackled in just one episode! From wild projections about AI’s future in healthcare to OCR’s “tough love” on compliance standards, this episode peels back the curtain on the big decisions shaping healthcare data security. It’s a whirlwind tour through risks, regulations, and the occasional debate on why “just doing it the old way” won’t cut it anymore. Let’s get into it! More info at HelpMeWithHIPAA.com/484

Buckle up, folks! Today, Donna and David are here with Part 1 of their deep dive into the recent HHS OCR NIST healthcare security virtual conference, and they're spilling all the cyber-tea. With experts from HHS, OCR, NIST, FTC, and FDA presenting, this conference covered a ton. From AI-powered hackers and QR code scams to unpatched medical devices and a spike in supply chain attacks, the discussions centered on what it takes to keep healthcare data and devices secure in a constantly evolving threat landscape. Wondering why healthcare data security feels like a game of whack-a-mole? Tune in to find out! More info at HelpMeWithHIPAA.com/483

Ever heard someone say you need a pen test but then start wondering if they meant a pen from a spy movie? There typically is a lot of confusion between penetration testing and vulnerability assessments—a common mix-up with big consequences for your cybersecurity game. We will walk through different types of pen tests, explain how they help you spot weaknesses before the bad guys do and tackle why continuous vulnerability management can save you from surprises. Whether you’re building up your defenses or simply trying to keep up with best practices, this episode is packed with insights on staying ahead of cyber threats, one test at a time. More info at HelpMeWithHIPAA.com/482

Ever had a root canal that felt less painful than dealing with bureaucracy? Well, buckle up, because in this episode, we sink our teeth into the 50th patient right of access enforcement action under HIPAA. That’s right—50 cases since 2019, and somehow, this one involving Dr. Gumb (yes, really) and a dental records dispute is the most absurd of the bunch. From a refusal to hand over records to racking up government fines like trading cards, this saga is a wild reminder of what happens when compliance takes a backseat.  More info at HelpMeWithHIPAA.com/481

Today we tackle the trifecta of cybersecurity headaches: Microsoft’s awkwardly ambitious recall feature, the looming HISAA regulations (because HIPAA wasn’t enough), and a juicy enforcement action following a ransomware attack. We’ll break down how Microsoft’s recall reboot went from intrusive default to opt-in relief, why HISAA could mean mandatory stress tests for healthcare providers, and what lessons we can learn from a ransomware attack that left 291,000 patient records exposed—and a corrective action plan no one wants. If you've ever wondered how healthcare security, government fines, and tech mishaps collide, this one’s for you. More info at HelpMeWithHIPAA.com/480

Leaving your web browser open with 25 tabs is the digital version of leaving your front door unlocked? Whether it's for email, work docs, shopping, or watching cat videos, your browser is the gateway to, well, everything. But as much as we depend on them, so do hackers. From credential theft to sneaky phishing attacks, cybercriminals are finding clever ways to turn your favorite browser into a tool for their dirty work. Today, we’ll break down the wild world of browsers—how we rely on them, and how hackers are exploiting them while we casually leave 25 tabs open at once. Note to self:  it’s time to update your browser (and maybe close a few tabs)! More info at HelpMeWithHIPAA.com/479

Boo! 🎃 Halloween may not be here yet, but we’re kicking off the spooky vibes early! Donna and David dive into the eerie world of cybersecurity, where the tricks are plentiful, and the treats are hard to find. From scary ransomware attacks to the horrifying reality of business email compromises, the internet is scarier than a haunted house with no exit. Grab your digital pumpkin spice latte, because we're about to unravel some terrifying myths that will make you think twice before you click on anything! More info at HelpMeWithHIPAA.com/478

Healthcare marketing is tricky enough without tripping over the big pitfalls that could leave you tangled up in HIPAA violations or a patient privacy disaster. Today we break down five common marketing mistakes you definitely want to steer clear of. From misinterpreting HIPAA rules to guarding patient data like it’s your grandma’s secret cookie recipe, these blunders can get you into serious trouble. We’re here to help you navigate these common missteps and protect your business from unnecessary risks. More info at HelpMeWithHIPAA.com/477

Do you feel like cyberattacks are the world’s worst game of whack-a-mole? No matter how many you smack down, ten more pop up— and there’s no sign of it slowing anytime soon and neither is the confusion over who’s responsible when your data gets caught in the crossfire. If your supply chain and your own security safeguards aren't locked down, you might as well be rolling out the red carpet for hackers. Tune in as we break down the latest mess, and yes, it’s as frustrating as it sounds! More info at HelpMeWithHIPAA.com/476

Ever left your front door unlocked, thinking it’s no big deal? Well, that’s what happens when you forget about facility access controls – and the consequences can be far worse than a missing TV!  Today, we dive deep into a topic that often gets overlooked but is critical to any organization’s security – facility access controls. Whether it's ensuring that only authorized personnel can access sensitive areas or protecting valuable equipment from walking out the door, facility access controls are a crucial part of safeguarding not just data but also physical assets. And as much as we love talking about tech, this time it's all about locks, keys, and keeping the wrong people out.  More info at HelpMeWithHIPAA.com/475

It's that time of year again: Cybersecurity Awareness Month! We're diving into the world of cybersecurity like a hacker in a candy store—except we're here to keep the candy (your data) safe! We're breaking down how you can use the free CE Awareness Month toolkit to boost your cybersecurity game both in your business and at home. Whether you're an IT pro or someone who just learned how to turn on two-factor authentication, we've got tips, tricks, and a few laughs to help you navigate the digital wild west. So buckle up and let's secure our world, one strong password at a time! More info at HelpMeWithHIPAA.com/474

Navigating the world of cybersecurity these days feels like walking through a minefield with clown shoes—are you stepping safely or just a step away from disaster? In this episode, we dive into the jaw-dropping National Public Data breach that's got everyone asking, "Am I a victim too?" Spoiler alert: the odds aren't in your favor. Then, we sift through the chaos of the recent CrowdStrike outage because what's a week in cybersecurity without a little mayhem? And just when you thought it couldn't get worse, we’ve got a few more terrifying tales ripped straight from the headlines to keep you on your toes. Grab your stress ball, and let’s brace ourselves for a journey into the digital dark side! More info at HelpMeWithHIPAA.com/473

In this episode, we're diving deep into the world of Software Bill of Materials (SBOM)—basically, the recipe for your software, minus the secret sauce. If you've ever wondered what's really under the hood of your favorite apps (or been caught off guard by a sneaky ingredient), this one's for you. We’re breaking down why you should care about SBOMs, how they’re becoming a must-have in your vendor vetting process, and what it all means for the future of tech. Think of it as your crash course in making sure your software isn’t serving up any nasty surprises. More info at HelpMeWithHIPAA.com/472

Navigating healthcare cybersecurity is like walking through a minefield—you never know which step could trigger the next explosion. In this episode, we’re diving headfirst into the bloody mess of ransomware attacks that have turned hospitals and blood banks into a logistical nightmare. Amidst the chaos, Health-ISAC and the American Hospital Association are urging special consideration for critical supply chain entities. It’s a wild ride through the chaos that one click can unleash on healthcare, and how the ripple effects can leave everyone scrambling to pick up the pieces. More info at HelpMeWithHIPAA.com/471

How well do you really know your remote workers? With remote work increasingly becoming the norm, the complexities of securing devices and monitoring access have skyrocketed. The challenges of providing robust security measures for an increasingly dispersed workforce are immense. Real-world examples like the KnowBe4 incident, where a remote worker used a stolen identity to infiltrate company systems, highlight the necessity of layered security and proactive monitoring. Our discussion today, highlights the crucial need to grasp the subtle threats from cyber attackers, especially when dealing with sensitive patient data and HIPAA compliance. More info at HelpMeWithHIPAA.com/470