AI in healthcare is kind of like an overenthusiastic intern—it’s full of potential, but someone probably should be watching it a little closer. In this episode, we dive into why artificial intelligence might be more “oops” than “awesome” when it comes to patient safety. A recent ECRI report flagged AI as a top safety concern and offered up smart recommendations like stronger governance and better training. From glitchy decision-making to eyebrow-raising cybersecurity breaches, we’re unpacking why AI still needs some serious adult supervision in the healthcare world. More info at HelpMeWithHIPAA.com/503
Think your once-a-year vulnerability scan is enough? That’s adorable. Waiting to check your security metrics until something goes wrong is like only checking your smoke alarm after the house starts smelling like burnt toast. In this episode, we peel back the layers on the top 10 security and privacy metrics every business should be tracking—whether you're the CEO, the IT person, or just someone who knows how to find the printer on the network. From patch management and MFA to phishing tests and forgotten routers older than your intern, we’ve got it all. Buckle up and get ready to verify like your digital life depends on it—because it kinda does. More info at HelpMeWithHIPAA.com/502
Buckle up, folks—this episode is a rollercoaster of cyber chaos! We kick things off with a quick chat about the upcoming PriSec Boot Camp (because let’s be real, who doesn’t love a good security boot camp?). But then, we dive headfirst into the madness: a fresh HIPAA smackdown over right-of-access failures, a rogue IT guy who locked down an entire company out of revenge, and some seriously sketchy Bluetooth vulnerabilities that could have hackers eavesdropping on your life. And if that wasn’t enough, the 2025 SonicWall Cyber Threat Report drops some terrifying stats on ransomware, business email compromise, and how AI is making cyberattacks even more dangerous. Grab your tinfoil hat and let’s get into it. More info at HelpMeWithHIPAA.com/501
500 episodes. A whole decade. Countless cybersecurity threats (and just as many dad jokes). Somehow, we’re still talking about the same cybersecurity nightmares—only now with fancier threats and AI-powered scams. In this milestone episode of Help Me With HIPAA, we take a trip down memory lane—reminiscing about our early struggles, the evolution of security risks, and why some lessons seem to need repeating... forever. Spoiler alert: bad guys are still bad, security is still hard, and if you’ve been with us since episode one, you’re officially a HMWH OG. If you’re new here, welcome—just know that staying out of breaches is a marathon, not a sprint. More info at HelpMeWithHIPAA.com/500
Cybersecurity: It’s like flossing—we all know we should do it, but a shocking number of people just…don’t. This week, we’re digging into the annual cybersecurity attitudes and behaviors report, which reveals just how careless people are with their passwords, personal info, and, well, basic online survival skills. But don’t worry, AI is here to save us! Or, possibly, to make things even worse. We’ll also explore how AI tools are being used (and misused), and why a scary number of people are feeding them sensitive work info like it’s a buffet. Buckle up—this one’s got some eye-opening stats! More info at HelpMeWithHIPAA.com/499
Cybersecurity report cards are in, and let’s just say—most companies would be grounded if their IT security grades were real school grades. With over 80% of Fortune 500s scoring a D or F, and healthcare companies hovering around the danger zone, it's clear that many organizations are securing data about as well as a cardboard vault. Just ask Warby Parker, which racked up multiple breaches over the years while seemingly skipping Cybersecurity 101. In this episode, we break down what these cybersecurity scores mean, how they were calculated, and what companies should be doing before they end up in the digital hall of shame. More info at HelpMeWithHIPAA.com/498
AI just leveled up, and we’re here to talk about it! In this episode, we dive into DeepSeek—the AI model that shook up the stock market, gave OpenAI a run for its money (literally), and is both insanely cheap to run and totally open-source (which is equal parts exciting and terrifying). We also break down the rise of deepfake scams, AI’s growing role in cybersecurity, and why you should probably question everything you see and hear online. If you love tech, security, and a healthy dose of paranoia, buckle up—this one’s for you! More info at HelpMeWithHIPAA.com/497
Imagine leaving your front door wide open in a neighborhood full of burglars, then acting shocked when your TV disappears. That’s basically what’s happening in healthcare cybersecurity. This week, we’re talking about why hackers are running rampant, how small healthcare practices are prime targets (no, you’re not “too small to matter”), and what basic security steps can actually make a difference. Spoiler alert: Ignoring the problem won’t make it go away. More info at HelpMeWithHIPAA.com/496
If you’ve ever wondered what it’s like to scream into the cybersecurity void, this episode might feel oddly relatable. We dive into why “bare minimum” isn’t a security strategy—it’s more like playing Russian roulette with your data. From regulatory head-scratchers to the harsh reality that a “bare minimum” security strategy is about as effective as locking your front door while leaving the windows wide open, this episode is your wake-up call, packed with sharp insights, analogies involving go-karts on the interstate, and the occasional frustrated sigh. More info at HelpMeWithHIPAA.com/495
If ignoring cybersecurity was a sport, some companies would be gold medalists—until they realize the prize is a hefty fine and years of regulatory headaches. It’s like leaving your car unlocked in a sketchy part of town with a neon sign that says, “Free Stuff Inside.” What could possibly go wrong? Well, in this episode, we break down six real-life cases that prove skimping on security is way more expensive than just doing it right in the first place. From ransomware attacks to patient right of access failures, we’re diving into what went wrong, why it happened, and—most importantly—how you can avoid becoming the next cautionary tale. More info at HelpMeWithHIPAA.com/494
Buckle up, folks, because this week’s episode is a wild ride through the Cavity of Lies—where HIPAA violations, ransomware attacks, and outright absurdity collide. What happens when a dental group tries to sweep a massive breach under the rug (or, you know, hide servers in bathrooms)? Let’s just say it doesn’t end well. From a 3-year-long cover-up to servers stored in all the wrong places, we’ve got lies under oath, policies that might as well be urban legends, and enough bad decisions to make you cringe harder than hearing the dentist say “we need to talk about your flossing habits.” More info at HelpMeWithHIPAA.com/493
Hold onto your compliance hats—big changes are brewing for HIPAA’s Security Rule! The Notice of Proposed Rulemaking (NPRM) is officially out for public comment, and it’s clear HHA and OCR are on a mission to modernize and tighten the safeguards for electronic protected health information (ePHI). From clarifying risk analysis expectations to making security requirements less, well, “vague,” these updates aim to bolster patient safety and data protection while keeping pace with today’s tech-driven world. But with great updates come great responsibilities for covered entities and business associates alike, so now’s the perfect time to weigh in and help shape the final rule before it’s set in stone. More info at HelpMeWithHIPAA.com/492
Ready to kick off 2025 with a bang? We’re diving into the must-dos for your Q1 2025 compliance and cybersecurity checklist, sprinkling in some risk management wisdom, and why Windows 10 is about as fashionable as shoulder pads in the 2020s. Plus, we sprinkle in a hearty dose of snark to keep you entertained while you get your compliance game strong. Oh and if your incident response plan is just “hope for the best,” it’s time to tune in. More info at HelpMeWithHIPAA.com/491
Ah, supply chain attacks—the gift that keeps on giving... headaches, fines, and catastrophic data breaches. In this episode, we unwrap three cautionary tales of organizations caught in the tangled web of digital supply chain chaos. From unpatched vulnerabilities and sneaky software backdoors to hackers casually buying network access like it’s an eBay auction, each story serves up a hard truth: you don’t want to be part of a supply chain attack, you don’t want to have a supply chain attack, and you definitely don’t want to delay dealing with a supply chain attack. So grab your metaphorical flashlight and let’s go spelunking into the murky caves of cybersecurity mishaps. More info at HelpMeWithHIPAA.com/490
It’s the final countdown, folks—the last episode of the year! And OCR decided to end 2024 with a bang, handing out settlements like candy at a Christmas parade. But here’s the twist: the candy comes with a price tag, and it’s not cheap. This episode hones in on OCR’s new enforcement initiative targeting incomplete and outdated risk analyses. So, before you pop the champagne, let’s make sure your SRA isn’t a ticking compliance time bomb. More info at HelpMeWithHIPAA.com/489
Welcome to the 2024 Blooper Show, where we prove once again that even after nine years, perfection is overrated and laughter is mandatory! Big shoutout to Bojan, our long suffering audio engineer extraordinaire, who turns our chaos into coherence. And of course, we can’t forget you—our amazing listeners—who tune in each week, send us your thoughts and questions, and share the chaos with your friends. Cheers to you for making this madness worth it! More info at HelpMeWithHIPAA.com/2024blooper
Cybersecurity incidents can feel like a punch in the gut, but with the right plan, you can roll with the hits instead of flailing in panic. In this episode, we’re diving into executive strategies for tackling the unexpected, from building response teams to keeping business operations afloat when chaos strikes. Along the way, we also cover a recent corrective action plan that serves as a cautionary tale for getting your protocols in order before trouble comes knocking. This is your go-to guide for staying cool when the heat is on! More info at HelpMeWithHIPAA.com/488
Is your healthcare organization ready for a triple threat, or are you playing a risky game of cybersecurity roulette with delayed access, ransomware demands, and a missing incident response plan? Today, we explore three tales in healthcare that are equal parts cautionary and compelling. We kick things off with the Healthcare and Public Health Sector Coordinating Council’s shiny new cyber incident response checklist—aka your cheat sheet for keeping calm in the face of chaos. Then, we give you the juicy details of a hefty civil money penalty slapped on a healthcare entity for dragging their feet on providing patient records (spoiler alert: patience isn’t a virtue when it comes to HIPAA). Finally, we unravel the saga of a ransomware attack that not only encrypted data but also emptied some wallets. Whether you’re here to learn, laugh, or just feel better about your own compliance game, this episode’s got you covered. Buckle up, because the HIPAA ride is wild! More info at HelpMeWithHIPAA.com/487
Feeling thankful this season? Us too—especially when it comes to dodging data disasters! In this episode, Donna and David dive headfirst into some eyebrow-raising cybersecurity tales, from job application breaches exposing sensitive information to the ever-creepy risks of unsecured IoT devices (yes, even your vacuum might be plotting against you). Whether it’s researchers discovering unsecured data files or hackers turning robot vacuums into racially inappropriate terrors, we’re reminded to never take our digital safety for granted. Grab your popcorn (or an encrypted snack, if that’s a thing) and join us as we talk about what it means to truly be grateful for solid security practices this year. More info at HelpMeWithHIPAA.com/486
Doing a half-baked risk analysis is like locking your front door but leaving all the windows wide open. What’s the point? Today, we dive into the first-ever Security Risk Assessment (SRA) violation settlement—a juicy topic for compliance nerds and healthcare pros alike. We’re talking ransomware, compliance checklists (the kind you actually need), and why a “kinda-sorta risk analysis” isn’t going to cut it with the OCR. Along the way, we’ll break down the $90K fine, the three-year corrective action plan, and what this means for everyone still winging their HIPAA risk assessments. Time to up your game folks! More info at HelpMeWithHIPAA.com/485