By Zac Amos – Access control in healthcare facilities protects patient data and supports ongoing regulatory compliance. Even experienced teams can overlook critical gaps that expose systems and environments to unnecessary risk, especially as operations scale and integrate new technologies.
Read More
By Gilda D’Incerti – Healthcare cybersecurity has typically been viewed as a technical responsibility, with security teams focused on protecting networks, securing electronic health records, and responding to ransomware incidents. Now, that framing is no longer sufficient.
By David Lareau – Medicare Advantage oversight has entered a more data-driven phase, with regulators focusing closely on how diagnoses are identified, documented, and submitted for risk adjustment. At the center of that scrutiny is the practice of “suspecting,” which involves searching patients’ medical records to identify…
By Jackie Mattingly & Lance Alston – Rural hospitals are not trying to do something unique with cybersecurity. They are trying to keep care available in their communities. They are trying to protect patients. They are trying to meet rising expectations with limited staff, limited funding, and little room for operational disruption.
By Zac Amos – With cyberattacks in the healthcare industry becoming increasingly prevalent over the past few years, cybersecurity infrastructure has had to develop rapidly. Yet, traditional methods often focus exclusively on technical barriers such as firewalls and encryption. They overlook one of the health sector’s most underappreciated risks: human error.
By Shannon Walker – Compliance oversight is becoming more complex in healthcare organizations. In 2026, proactive compliance will increasingly intersect with workforce well-being, health IT governance, and executive accountability.
By Matt Fisher – Revealing a data breach can be a hard action for an organization to take. The ongoing stream of notifications still generates attention, which is typically not positive when a security breakdown is revealed. At the same time, the notification is (or should be) unavoidable since the HIPAA breach notification rule is clear about what action is necessary.
By Jason Stewart – Despite the fact that the majority of healthcare data breaches are due to the inadequate security of third-party vendors, the vetting of these partners is still uneven across the industry.
By Alix Goss – Changes to how HIPAA-adopted standards are maintained rarely generate much attention. They tend to unfold slowly, behind the scenes, and often become visible only once a new version is formally named in a regulation. That lack of visibility can make it easy to miss early signals about how standards are….