Episodes

  • First SRA Violation Settlement - Ep 485
    Nov 22 2024

    Doing a half-baked risk analysis is like locking your front door but leaving all the windows wide open. What’s the point? Today, we dive into the first-ever Security Risk Assessment (SRA) violation settlement—a juicy topic for compliance nerds and healthcare pros alike. We’re talking ransomware, compliance checklists (the kind you actually need), and why a “kinda-sorta risk analysis” isn’t going to cut it with the OCR. Along the way, we’ll break down the $90K fine, the three-year corrective action plan, and what this means for everyone still winging their HIPAA risk assessments. Time to up your game, folks!

    More info at HelpMeWithHIPAA.com/485

    45 mins
  • OCR NIST Part 2 - Ep 484
    Nov 15 2024

    Buckle up for Part 2 of our breakdown on the HHS OCR NIST healthcare security conference - because, yes, 16 hours of deep dives into AI, HIPAA compliance, and cybersecurity priorities can’t be tackled in just one episode! From wild projections about AI’s future in healthcare to OCR’s “tough love” on compliance standards, this episode peels back the curtain on the big decisions shaping healthcare data security. It’s a whirlwind tour through risks, regulations, and the occasional debate on why “just doing it the old way” won’t cut it anymore. Let’s get into it!

    More info at HelpMeWithHIPAA.com/484

    1 hr and 2 mins
  • OCR NIST Conference Part 1 - Ep 483
    Nov 8 2024

    Buckle up, folks! Today, Donna and David are here with Part 1 of their deep dive into the recent HHS OCR NIST healthcare security virtual conference, and they're spilling all the cyber-tea. With experts from HHS, OCR, NIST, FTC, and FDA presenting, this conference covered a ton. From AI-powered hackers and QR code scams to unpatched medical devices and a spike in supply chain attacks, the discussions centered on what it takes to keep healthcare data and devices secure in a constantly evolving threat landscape. Wondering why healthcare data security feels like a game of whack-a-mole? Tune in to find out!

    More info at HelpMeWithHIPAA.com/483

    58 mins
  • Sell Me This Pen - Ep 482
    Nov 1 2024

    Ever heard someone say you need a pen test but then start wondering if they meant a pen from a spy movie? There is typically a lot of confusion between penetration testing and vulnerability assessments—a common mix-up with big consequences for your cybersecurity game. We will walk through different types of pen tests, explain how they help you spot weaknesses before the bad guys do, and tackle why continuous vulnerability management can save you from surprises. Whether you’re building up your defenses or simply trying to keep up with best practices, this episode is packed with insights on staying ahead of cyber threats, one test at a time.

    More info at HelpMeWithHIPAA.com/482

    54 mins
  • Gumming Up the Works: Dental Record Request Nightmare - Ep 481
    Oct 25 2024

    Ever had a root canal that felt less painful than dealing with bureaucracy? Well, buckle up, because in this episode, we sink our teeth into the 50th patient right of access enforcement action under HIPAA. That’s right—50 cases since 2019, and somehow, this one involving Dr. Gumb (yes, really) and a dental records dispute is the most absurd of the bunch. From a refusal to hand over records to racking up government fines like trading cards, this saga is a wild reminder of what happens when compliance takes a backseat.

    More info at HelpMeWithHIPAA.com/481

    52 mins
  • Ransomware, Recall, and Regulations - Ep 480
    Oct 18 2024

    Today we tackle the trifecta of cybersecurity headaches: Microsoft’s awkwardly ambitious Recall feature, the looming HISAA regulations (because HIPAA wasn’t enough), and a juicy enforcement action following a ransomware attack. We’ll break down how Microsoft’s Recall reboot went from intrusive default to opt-in relief, why HISAA could mean mandatory stress tests for healthcare providers, and what lessons we can learn from a ransomware attack that left 291,000 patient records exposed—and a corrective action plan no one wants. If you've ever wondered how healthcare security, government fines, and tech mishaps collide, this one’s for you.

    More info at HelpMeWithHIPAA.com/480

    51 mins
  • Browsers & Breaches - Ep 479
    Oct 11 2024

    Is leaving your web browser open with 25 tabs the digital version of leaving your front door unlocked? Whether it's for email, work docs, shopping, or watching cat videos, your browser is the gateway to, well, everything. But as much as we depend on them, so do hackers. From credential theft to sneaky phishing attacks, cybercriminals are finding clever ways to turn your favorite browser into a tool for their dirty work. Today, we’ll break down the wild world of browsers—how we rely on them, and how hackers are exploiting them while we casually leave 25 tabs open at once. Note to self: it’s time to update your browser (and maybe close a few tabs)!

    More info at HelpMeWithHIPAA.com/479

    48 mins
  • Halloween Comes Early This Year - Ep 478
    Oct 4 2024

    Boo! 🎃 Halloween may not be here yet, but we’re kicking off the spooky vibes early! Donna and David dive into the eerie world of cybersecurity, where the tricks are plentiful, and the treats are hard to find. From scary ransomware attacks to the horrifying reality of business email compromises, the internet is scarier than a haunted house with no exit. Grab your digital pumpkin spice latte, because we're about to unravel some terrifying myths that will make you think twice before you click on anything!

    More info at HelpMeWithHIPAA.com/478

    47 mins