Buckle up, folks, because this week’s episode is a wild ride through the Cavity of Lies—where HIPAA violations, ransomware attacks, and outright absurdity collide. What happens when a dental group tries to sweep a massive breach under the rug (or, you know, hide servers in bathrooms)? Let’s just say it doesn’t end well. From a 3-year-long cover-up to servers stored in all the wrong places, we’ve got lies under oath, policies that might as well be urban legends, and enough bad decisions to make y...
Jan 24, 2025•42 min•Ep. 493
Hold onto your compliance hats—big changes are brewing for HIPAA’s Security Rule! The Notice of Proposed Rulemaking (NPRM) is officially out for public comment, and it’s clear HHA and OCR are on a mission to modernize and tighten the safeguards for electronic protected health information (ePHI). From clarifying risk analysis expectations to making security requirements less, well, “vague,” these updates aim to bolster patient safety and data protection while keeping pace with today’s tech-driven...
Jan 17, 2025•57 min•Ep. 492
Ready to kick off 2025 with a bang? We’re diving into the must-dos for your Q1 2025 compliance and cybersecurity checklist, sprinkling in some risk management wisdom, and why Windows 10 is about as fashionable as shoulder pads in the 2020s. Plus, we sprinkle in a hearty dose of snark to keep you entertained while you get your compliance game strong. Oh and if your incident response plan is just “hope for the best,” it’s time to tune in. More info at HelpMeWithHIPAA.com/491...
Jan 10, 2025•48 min•Ep. 491
Ah, supply chain attacks—the gift that keeps on giving... headaches, fines, and catastrophic data breaches. In this episode, we unwrap three cautionary tales of organizations caught in the tangled web of digital supply chain chaos. From unpatched vulnerabilities and sneaky software backdoors to hackers casually buying network access like it’s an eBay auction, each story serves up a hard truth: you don’t want to be part of a supply chain attack, you don’t want to have a supply chain attack, and y...
Jan 03, 2025•51 min•Ep. 490
It’s the final countdown, folks—the last episode of the year! And OCR decided to end 2024 with a bang, handing out settlements like candy at a Christmas parade. But here’s the twist: the candy comes with a price tag, and it’s not cheap. This episode hones in on OCR’s new enforcement initiative targeting incomplete and outdated risk analyses. So, before you pop the champagne, let’s make sure your SRA isn’t a ticking compliance time bomb. More info at HelpMeWithHIPAA.com/489...
Dec 27, 2024•51 min•Ep. 489
Welcome to the 2024 Blooper Show, where we prove once again that even after nine years, perfection is overrated and laughter is mandatory! Big shoutout to Bojan, our long suffering audio engineer extraordinaire, who turns our chaos into coherence. And of course, we can’t forget you—our amazing listeners—who tune in each week, send us your thoughts and questions, and share the chaos with your friends. Cheers to you for making this madness worth it! More info at HelpMeWithHIPAA.com/2024blooper...
Dec 20, 2024•14 min
Cybersecurity incidents can feel like a punch in the gut, but with the right plan, you can roll with the hits instead of flailing in panic. In this episode, we’re diving into executive strategies for tackling the unexpected, from building response teams to keeping business operations afloat when chaos strikes. Along the way, we also cover a recent corrective action plan that serves as a cautionary tale for getting your protocols in order before trouble comes knocking. This is your go-to guide fo...
Dec 13, 2024•50 min•Ep. 488
Is your healthcare organization ready for a triple threat, or are you playing a risky game of cybersecurity roulette with delayed access, ransomware demands, and a missing incident response plan? Today, we explore three tales in healthcare that are equal parts cautionary and compelling. We kick things off with the Healthcare and Public Health Sector Coordinating Council’s shiny new cyber incident response checklist—aka your cheat sheet for keeping calm in the face of chaos. Then, we give you the...
Dec 06, 2024•55 min•Ep. 487
Feeling thankful this season? Us too—especially when it comes to dodging data disasters! In this episode, Donna and David dive headfirst into some eyebrow-raising cybersecurity tales, from job application breaches exposing sensitive information to the ever-creepy risks of unsecured IoT devices (yes, even your vacuum might be plotting against you). Whether it’s researchers discovering unsecured data files or hackers turning robot vacuums into racially inappropriate terrors, we’re reminded to neve...
Nov 29, 2024•39 min•Ep. 486
Doing a half-baked risk analysis is like locking your front door but leaving all the windows wide open. What’s the point? Today, we dive into the first-ever Security Risk Assessment (SRA) violation settlement—a juicy topic for compliance nerds and healthcare pros alike. We’re talking ransomware, compliance checklists (the kind you actually need), and why a “kinda-sorta risk analysis” isn’t going to cut it with the OCR. Along the way, we’ll break down the $90K fine, the three-year corrective acti...
Nov 22, 2024•45 min•Ep. 485
Buckle up for Part 2 of our breakdown on the HHS OCR NIST healthcare security conference - because, yes, 16 hours of deep dives into AI, HIPAA compliance, and cybersecurity priorities can’t be tackled in just one episode! From wild projections about AI’s future in healthcare to OCR’s “tough love” on compliance standards, this episode peels back the curtain on the big decisions shaping healthcare data security. It’s a whirlwind tour through risks, regulations, and the occasional debate on why “ju...
Nov 15, 2024•1 hr 2 min•Ep. 484
Buckle up, folks! Today, Donna and David are here with Part 1 of their deep dive into the recent HHS OCR NIST healthcare security virtual conference, and they're spilling all the cyber-tea. With experts from HHS, OCR, NIST, FTC, and FDA presenting, this conference covered a ton. From AI-powered hackers and QR code scams to unpatched medical devices and a spike in supply chain attacks, the discussions centered on what it takes to keep healthcare data and devices secure in a constantly evolving th...
Nov 08, 2024•58 min•Ep. 483
Ever heard someone say you need a pen test but then start wondering if they meant a pen from a spy movie? There typically is a lot of confusion between penetration testing and vulnerability assessments—a common mix-up with big consequences for your cybersecurity game. We will walk through different types of pen tests, explain how they help you spot weaknesses before the bad guys do and tackle why continuous vulnerability management can save you from surprises. Whether you’re building up your def...
Nov 01, 2024•54 min•Ep. 482
Ever had a root canal that felt less painful than dealing with bureaucracy? Well, buckle up, because in this episode, we sink our teeth into the 50th patient right of access enforcement action under HIPAA. That’s right—50 cases since 2019, and somehow, this one involving Dr. Gumb (yes, really) and a dental records dispute is the most absurd of the bunch. From a refusal to hand over records to racking up government fines like trading cards, this saga is a wild reminder of what happens when compli...
Oct 25, 2024•52 min•Ep. 481
Today we tackle the trifecta of cybersecurity headaches: Microsoft’s awkwardly ambitious recall feature, the looming HISAA regulations (because HIPAA wasn’t enough), and a juicy enforcement action following a ransomware attack. We’ll break down how Microsoft’s recall reboot went from intrusive default to opt-in relief, why HISAA could mean mandatory stress tests for healthcare providers, and what lessons we can learn from a ransomware attack that left 291,000 patient records exposed—and a correc...
Oct 18, 2024•51 min•Ep. 480
Leaving your web browser open with 25 tabs is the digital version of leaving your front door unlocked? Whether it's for email, work docs, shopping, or watching cat videos, your browser is the gateway to, well, everything. But as much as we depend on them, so do hackers. From credential theft to sneaky phishing attacks, cybercriminals are finding clever ways to turn your favorite browser into a tool for their dirty work. Today, we’ll break down the wild world of browsers—how we rely on them, and ...
Oct 11, 2024•48 min•Ep. 479
Boo! 🎃 Halloween may not be here yet, but we’re kicking off the spooky vibes early! Donna and David dive into the eerie world of cybersecurity, where the tricks are plentiful, and the treats are hard to find. From scary ransomware attacks to the horrifying reality of business email compromises, the internet is scarier than a haunted house with no exit. Grab your digital pumpkin spice latte, because we're about to unravel some terrifying myths that will make you think twice before you click on a...
Oct 04, 2024•47 min•Ep. 478
Healthcare marketing is tricky enough without tripping over the big pitfalls that could leave you tangled up in HIPAA violations or a patient privacy disaster. Today we break down five common marketing mistakes you definitely want to steer clear of. From misinterpreting HIPAA rules to guarding patient data like it’s your grandma’s secret cookie recipe, these blunders can get you into serious trouble. We’re here to help you navigate these common missteps and protect your business from unnecessary...
Sep 27, 2024•53 min•Ep. 477
Do you feel like cyberattacks are the world’s worst game of whack-a-mole? No matter how many you smack down, ten more pop up— and there’s no sign of it slowing anytime soon and neither is the confusion over who’s responsible when your data gets caught in the crossfire. If your supply chain and your own security safeguards aren't locked down, you might as well be rolling out the red carpet for hackers. Tune in as we break down the latest mess, and yes, it’s as frustrating as it sounds! More info ...
Sep 20, 2024•45 min•Ep. 476
Ever left your front door unlocked, thinking it’s no big deal? Well, that’s what happens when you forget about facility access controls – and the consequences can be far worse than a missing TV! Today, we dive deep into a topic that often gets overlooked but is critical to any organization’s security – facility access controls. Whether it's ensuring that only authorized personnel can access sensitive areas or protecting valuable equipment from walking out the door, facility access controls are a...
Sep 13, 2024•52 min•Ep. 475
It's that time of year again: Cybersecurity Awareness Month! We're diving into the world of cybersecurity like a hacker in a candy store—except we're here to keep the candy (your data) safe! We're breaking down how you can use the free CE Awareness Month toolkit to boost your cybersecurity game both in your business and at home. Whether you're an IT pro or someone who just learned how to turn on two-factor authentication, we've got tips, tricks, and a few laughs to help you navigate the digital ...
Sep 06, 2024•43 min•Ep. 474
Navigating the world of cybersecurity these days feels like walking through a minefield with clown shoes—are you stepping safely or just a step away from disaster? In this episode, we dive into the jaw-dropping National Public Data breach that's got everyone asking, "Am I a victim too?" Spoiler alert: the odds aren't in your favor. Then, we sift through the chaos of the recent CrowdStrike outage because what's a week in cybersecurity without a little mayhem? And just when you thought it couldn't...
Aug 30, 2024•52 min•Ep. 473
In this episode, we're diving deep into the world of Software Bill of Materials (SBOM)—basically, the recipe for your software, minus the secret sauce. If you've ever wondered what's really under the hood of your favorite apps (or been caught off guard by a sneaky ingredient), this one's for you. We’re breaking down why you should care about SBOMs, how they’re becoming a must-have in your vendor vetting process, and what it all means for the future of tech. Think of it as your crash course in ma...
Aug 23, 2024•38 min•Ep. 472
Navigating healthcare cybersecurity is like walking through a minefield—you never know which step could trigger the next explosion. In this episode, we’re diving headfirst into the bloody mess of ransomware attacks that have turned hospitals and blood banks into a logistical nightmare. Amidst the chaos, Health-ISAC and the American Hospital Association are urging special consideration for critical supply chain entities. It’s a wild ride through the chaos that one click can unleash on healthcare,...
Aug 16, 2024•52 min•Ep. 471
How well do you really know your remote workers? With remote work increasingly becoming the norm, the complexities of securing devices and monitoring access have skyrocketed. The challenges of providing robust security measures for an increasingly dispersed workforce are immense. Real-world examples like the KnowBe4 incident, where a remote worker used a stolen identity to infiltrate company systems, highlight the necessity of layered security and proactive monitoring. Our discussion today, high...
Aug 09, 2024•42 min•Ep. 470
Ever had one of those days where everything just seems to crash and burn? Well, in this episode, we dive into a tech catastrophe that sent ripples across the digital landscape. Donna and David will unravel the chaos caused by CrowdStrike's major tech outage—a meltdown that wasn’t just an ordinary hiccup, but a vendor-of-a-vendor fiasco. From blue screens of death to grounded flights, this incident highlights the domino effect a single update can have on the entire supply chain. More info at Help...
Aug 02, 2024•41 min•Ep. 469
Ever wondered how neglecting a cybersecurity risk analysis is like leaving your front door wide open in a sketchy neighborhood? Well, buckle up because today we dig into the latest OCR ransomware settlement involving Heritage Valley Health Systems and a laundry list of potential violations. From failing to conduct a thorough risk analysis to lacking a proper contingency plan for ransomware attacks to neglecting to train their workforce on policies and procedures, this is a cautionary tale of wha...
Jul 26, 2024•38 min•Ep. 468
In the HIPAA world, just because you can, doesn't mean you should – unless you’re keen on trading your business casual for prison orange. No one expects that a HIPAA violation will send them to jail, but there can be serious criminal penalties associated with HIPAA breaches, ranging from fines to imprisonment. Today, we will share real-life examples of how some people misinterpret their rights to access patient records. More info at HelpMeWithHIPAA.com/467...
Jul 19, 2024•46 min•Ep. 467
How can small and medium businesses (SMBs) tackle the complexities of single sign-on (SSO) and boost their password security? A recent study from CISA highlighted the lag in SSO adoption among SMBs and why basic security measures like SSO and multi-factor authentication (MFA) should be standard. Join us as we navigate through the maze of managing multiple passwords, the pitfalls of manual methods, and the critical need for vendors to prioritize security from the get-go. More info at HelpMeWithHI...
Jul 12, 2024•51 min•Ep. 466
Ever wonder why staying vigilant in cybersecurity is like playing whack-a-mole? Let's dive into some wild stories that highlight the need to always be on the lookout! From hackers using legitimate websites to spread malware, to the humorous and slightly terrifying saga of employees using mouse jigglers to fake work, to cyberattacks from space, there are a lot of reasons why we should always keep our guard up in the wild world of cybersecurity! More info at HelpMeWithHIPAA.com/465...
Jul 05, 2024•53 min•Ep. 465
