How to Comply with PCI Requirement 1: Manage Your Firewall
PCI

PCI Requirement 1 deals with setting up and configuring firewalls to protect your business data.

Auditor Tips: Requirement 5: Implement And Update Your Anti-Malware
Pulse

PCI DSS requires anti-malware software to be installed on all systems that are commonly affected by malware (e.g., Windows).

Achieving lift-off with PCI DSS v4.0
PCI Trends

With March 31, 2025 as a target destination, managed security service providers and enterprises from across the digital commerce chain are taking a measured approach to implementing PCI DSS version 4.0.

Changes and Updates to the 4.0 SAQ
PCI Trends

This blog will discuss changes to the PCI DSS 4.0 SAQ questionnaires and is based on our Webinar "PCI DSS 4.0: What's New and How It Affects You."

Performing an SAQ P2PE version 4.0 Self-Assessment
PCI Trends

This blog will discuss changes made to the SAQ P2PE version 4.0 and will review the process of performing a self-assessment using the SAQ P2PE.

PCI DSS 4.0: What is New and How it Affects You Q and A
PCI Trends

Here are some questions participants asked in our webinar, “PCI DSS 4.0: What Is New and How It Affects You.”

PCI DSS v4.0: Future of the PCI Security Standard
PCI Trends

While the PCI v4 standard is not expected to be finalized and released until the end of 2020 or the beginning of 2021, the PCI Security Standards Council has made some information available to the general public on what some of the changes might be.

5 Tips to HIPAA Compliant Mobile Devices
HIPAA

By following basic security practices and policies, you can make your devices HIPAA compliant and keep your data safe.

5 Blogs to Help You Survive PCI DSS and Prevent Security Breaches This Year
PCI

Here are 5 Blogs to Help You Survive PCI DSS and Prevent Security Breaches This Year. We cover formjacking, penetration tests, PCI DSS checklists, PCI DSS audits, as well as preparing for incident response.

Auditor Tips: Monitor Your Business Associates’ Compliance
HIPAA Audit

Every covered entity that uses business associates is required to obtain assurances that their business associates treat patient data the way you and HHS require them to.

Auditor Tips: System Updating and Software Development
HIPAA Audit

System administrators have the responsibility to ensure all system components (e.g., servers, firewalls, routers, workstations) and software are updated with critical security patches within 30 days of when they are released to the public.

Auditor Tips: Overcome Management’s Budget Concerns
HIPAA Audit

If you are having problems communicating budgetary needs to management, conduct a risk analysis before starting the HIPAA process.

Auditor Tips: HIPAA Training Best Practices
HIPAA Audit

Workforce members need to be given specific rules and regular training to know how to protect PHI. Regular training will remind them of the importance of security and keep them up to date with current security policies and practices.

Auditor Tips: Permanently Delete Files
HIPAA Audit

Most people know how to destroy physical sensitive data, but when it comes to securely destroying electronic data, most healthcare professionals don’t know where to begin.

Auditor Tips: Healthcare Security And Best Practices
HIPAA Audit

Healthcare security gaps often stem from communication issues. It’s common to see executives and practice leads who aren’t listening to their staff about their current state of compliance and security.

Auditor Tips: Penetration Testing Best Practices
Penetration Testing

A penetration test will give you a holistic view of what your security system truly looks like. Organizations with poor security practices across their environment leave themselves vulnerable.

Auditor Tips: Minimum Necessary Best Practices
HIPAA Audit

The minimum necessary requirement is a key part of the HIPAA Privacy Rule. The goal of this requirement isn’t to encourage organizations to perform the minimum necessary, but rather for organizations to only use and disclose the minimum amount of PHI necessary.

Auditor Tips: Regularly Conduct Vulnerability Scans
HIPAA Audit

Regular vulnerability scans are a critical preventative security control as they detect and assess known weaknesses that may be opening up your systems, applications and networks to undue risk of intrusion. Vulnerability scanning is not penetration testing.

Auditor Tips: Set Up Your Intrusion Detection/Prevention System
HIPAA Audit

You need a team to choose and manage an IDS/IPS. Whether it’s the responsibility of your IT Security Team, Data Loss Prevention Team, a managed service provider, or a designated co-managed team consisting of security-related department heads.

Auditor Tips: Unique ID, Passwords, and Passphrases
HIPAA Audit

More recently, password length, in the form of longer, memorable word strings, has proven to be a more important security practice than the use of shorter complex passwords.

Auditor Tips: Implement Encryption
HIPAA Audit

You should implement encryption to protect PHI any time it is stored.

Auditor Tips: Audit Logs and Log Monitoring
HIPAA Audit

Monitoring audit logs for all critical systems and devices in your environment is key to understanding what types of events and actions occur on a daily basis, allowing you to establish a baseline of what is considered normal system activity.

Auditor Tips: Secure Remote Access
HIPAA Audit

Remote access to tools and data is essential to employees who work from home or are unable to go into the office for health or other logistical reasons.

Auditor Tips: System Configuration
HIPAA Audit

Whenever a system is configured, make sure you know exactly what is running and also what is necessary to allow the system to perform its intended function.