CTEK Voices: The Risk Perspective


CynergisTek presents CTEK Voices: The Risk Perspective. This regular podcast series is designed to help you navigate an ever-changing environment. It addresses cybersecurity, privacy, and compliance issues related to the coronavirus pandemic, with a focus on healthcare providers and companies that provide products and services to the healthcare sector. In this podcast, our recognized industry subject matter experts address multiple topics ranging from cybersecurity to medical devices to supply chain, along with insights around COVID-19 preparation, planning, decision making, and post-emergency topics. The Risk Perspective podcast can be found at cynergistek.com/podcasts, along with a transcript of every episode. You can subscribe and listen to The Risk Perspective on Apple iTunes, Spotify, cynergistek.com, or your preferred podcast listening platform. Please visit cynergistek.com/covid19 for coronavirus updates and content from CTEK executives and thought leadership.

CynergisTek Inc.


    • Aug 17, 2022 LATEST EPISODE
    • monthly NEW EPISODES
    • 20m AVG DURATION
    • 53 EPISODES


    Latest episodes from CTEK Voices: The Risk Perspective

    Securing IOT: A Red Team's Perspective

    Aug 17, 2022 · 10:34

    In this episode of The Risk Perspective, CynergisTek's Dave Bailey (VP, Security Services) and Morgan Habecker (Manager, Red Team) discuss internet-connected devices, from smart ovens to fusion pumps, through the lens of healthcare (and non-healthcare) cybersecurity. Listen as these two dive into IoT: what it is, how these devices focus on doing what they were designed to do (which, surprise, isn't fending off cyber-attacks), and the overall threats and vulnerabilities, plus how to better protect against them. Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. Remember to like and subscribe to The Risk Perspective, and don't forget to leave your comments for feedback and topic suggestions!

    OCR Guidance: HIPAA Privacy Rule & Disclosures of PHI Relating to Reproductive Health Care

    Jul 21, 2022 · 12:50

    In this episode of The Risk Perspective, we speak with Andrew Mahler, former OCR Investigator and CynergisTek's VP of Privacy and Compliance, about the recently issued OCR guidance on patient privacy in the wake of the Supreme Court decision on Roe. Listen for a debrief of the OCR's guidance, which addresses how federal law and regulations protect individuals' PHI, provides clarification on disclosure laws, and gives information about what's protected, and what's not, when using health information apps on smartphones. Episode resources: the guidance on the HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care; the guidance on Protecting the Privacy and Security of Your Health Information When Using Your Personal Cell Phone or Tablet; and information on filing a complaint if you believe that a HIPAA-covered entity or its business associate violated your health information privacy rights or committed another violation of the Privacy, Security, or Breach Notification Rules.

    Medical Device Security: Understanding The Issues

    Jun 15, 2022 · 21:47

    In this episode, we have a candid conversation with Dave Bailey and Jon Benedict (of CynergisTek) and Ben Stock (Ordr) about the challenges facing medical device security. We talk about the motivators of attackers, why you can't rely on backups anymore, what you need to do to take control and maintain defense, and more. We also talk about how to manage these challenges and include a special promotion for listeners to earn a free consultation with our medical device expert (listen for the details).

    The Shift Towards Resilience with Mac McMillan

    Sep 16, 2021 · 28:44

    The Risk Perspective is back and so is Mac McMillan! Kicking off season 3, Mac McMillan, CEO, President, and Founder of CynergisTek, joins us to talk about CynergisTek's Resilience Partner Program, a unique approach that helps organizations evolve their security and privacy posture by reducing cyber risk and helps them build an approach that responds every day. Listen as Mac talks through this new methodology, including why it's time for healthcare to finally (and actually) make the shift, and understand how CynergisTek's solutions help map out your resilience journey and keep things simple.

    Say What!?...Yes, Security and Privacy Can Actually Work Together - Part 2

    Jun 3, 2021 · 20:51

    "If you don't bring everyone to the table upfront you're going to wind up with some disconnect..." - David Finn. We are back with part two of our "Say What!?" series! Our guests, who include Fred Bishop from UC Health in Cincinnati and CTEK's David Finn, Marti Arvin, and Andrew Mahler, are here again to wrap up their conversation on the collaboration between security and privacy teams. Together, this group will touch on why reporting structure is important and what conflicts of interest could occur. Listen to learn useful information on how to create and/or improve your organization's cross-collaboration, and more! Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released bi-weekly and a transcript of each episode can be found at cynergistek.com. Remember to like and subscribe to this podcast, and leave your comments.

    Say What!?...Yes, Security and Privacy Can Actually Work Together - Part 1

    May 21, 2021 · 20:42

    In this "Say What!?" series, our guests discuss why a collaborative working relationship is critical to the success of both privacy and security and how the two can work effectively together. This is a panel discussion that originates from 2020's CTEK Summit. It incorporates security and privacy polling data taken from our community that helps drive the conversation. The panel consists of Fred Bishop, the Information Security Officer at UC Health in Cincinnati; David Finn, CTEK EVP and former CIO; Andrew Mahler, CTEK Sr. Manager of Privacy Services; and CTEK Executive Advisor and compliance guru Marti Arvin (who helps with moderating the discussion). Together our panel dives into the topics of reporting structure and the tension between a health enterprise and the university within an academic medical center in this part one of our "Say What!?" series.

    Part 2: Building a Cybersecurity Program From The Ground Up

    May 6, 2021 · 26:43

    Jesse Fasolo and David Finn are back for part 2 of how Jesse built a strong security program at Saint Joseph's Hospital in Paterson, NJ. Together, David and Jesse wrap up their conversation and discuss topics such as medical device security, M&A security, third-party risk, and more.

    Continuous Pen-Testing

    Apr 22, 2021 · 13:59

    Ben Denkers of CynergisTek and Patrick Guay of Pcysys join us this week to discuss CynergisTek's new continuous pen-testing service. Learn about automated pen-tests that continuously conduct ethical exploits and deliver prioritized threat-based weaknesses. Subscribe to CTEK Voices: The Risk Perspective on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.

    Building a Cybersecurity Program From The Ground Up

    Apr 9, 2021 · 30:45

    David Finn, EVP of Strategic Innovation at CynergisTek, talks with Jesse Fasolo, the Director of Technical Infrastructure and Cybersecurity at Saint Joseph's Hospital in Paterson, NJ, about how Jesse built (and continues to build) a successful security program over the last 6 years.

    What About Rob?

    Mar 25, 2021 · 17:35

    In this episode, we get to know Rob Teague, Information Security Engineer at CynergisTek and CMMC Registered Practitioner at Redspin, CynergisTek's non-healthcare division. Listen as we get to know Rob's perspective on the industry, what inspires him, and how his military background ties into all aspects of his professional and personal life. Subscribe to CyberSpin on Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released weekly and a transcript of each episode can be found at cynergistek.com.

    Ransomware in 2021: We Know It's an Issue, Now What?

    Mar 11, 2021 · 16:54

    Caleb Barlow is back to discuss ransomware within the healthcare industry, and this time he is joined by Marti Arvin. Together the two go beyond simply stating that ransomware is an issue. Listen as they talk through considerations surrounding ransomware disclosures, bad actors changing data before giving it back, cyber insurance reliance, and the million-dollar question of paying a ransom or not.

    Patient Privacy Monitoring - Why It Doesn't Have To Be Overwhelming

    Feb 25, 2021 · 18:54

    CynergisTek's Privacy team joins us this week to discuss user access monitoring. Together, Andrew Mahler and Neaomi Quartucci chat about patient user access challenges and how CynergisTek can help monitor and report on inappropriate patient record access, helping privacy and security offices sleep better at night.

    Information Blocking: Keys to Understanding the Rule and Considerations We Didn’t Think About

    Feb 11, 2021 · 17:38

    Marti Arvin, CTEK Executive Advisor, is back to discuss the information blocking rule. While working with organizations on information blocking compliance, Marti has found that some organizations still do not appear to be clear on what the obligations of the rule are. With the compliance effective date of April 5th, 2021 just around the corner, Marti will talk us through information blocking rule obligations, as well as highlight a few compliance considerations she has come across that not even she had thought about.

    HITECH Act Amendment: Reflections with Mac McMillan and David Finn

    Jan 28, 2021 · 21:57

    On January 5th, 2021, an amendment to H.R. 7898, the HITECH Act, was signed into law. The law incentivizes adoption of the NIST cybersecurity framework as part of a defense or mitigation against HIPAA enforcement. To discuss this long-awaited accomplishment and overall win for cybersecurity practice as a whole, we are honored to have Mac McMillan and David Finn as this week’s guest speakers. Mac McMillan, Founder of CynergisTek, has won 2019’s CHIME Foundation Industry Leadership Award and 2020’s Leadership Excellence Award in the cybersecurity sector from the Baldrige Foundation, and is recognized as an industry icon. Listen in as Mac and David discuss this monumental law and reflect on their work as longtime NIST advocates and cybersecurity catalysts.

    The Next Normal CTEK’s New Services to Adapt to 2020 and Beyond

    Jan 14, 2021 · 33:26

    Years ago, an organization’s security program consisted primarily of assessing risk and remediating the high-risk priorities. With today’s advancements in technology and the ever-changing demands on both people and processes, the industry is moving towards validating the effectiveness of its security. In this episode of The Risk Perspective, CynergisTek’s Sr. Vice President of Security and Privacy, Ben Denkers, describes the new services CynergisTek has developed to meet industry demand for security validation solutions. With 2020 behind us and the new year ahead, Ben will review services such as Security Control Validation, Project API Sentry, and 24/7 adversary validation that you can incorporate into your 2021 risk strategy. You can also view the slide deck for this episode, presented by Ben Denkers at the CTEK summit.

    Security Resilience in 2021 - Part 2

    Dec 14, 2020 · 32:17

    David Finn, EVP of Strategic Innovations, joins for part two of Security Resilience in 2021 to discuss cyber resilience from a couple of key perspectives. Also joining David are Morgan Habecker, CTEK Manager of Red Team, and Andrew Bindner, Senior Consultant on the Red Team at CynergisTek. Cyber resilience is an evolving perspective that is rapidly gaining recognition. In this episode, we look at cyber resilience from a unique operational perspective.

    Security Resilience in 2021 - Part 1

    Dec 1, 2020 · 22:45

    Today David Finn, EVP of Strategic Innovations, joins us to discuss cyber resilience from a couple of key perspectives. Also joining David are Dave Bailey, Director of Security Services, and Ryan Stewart, Manager of CynergisTek’s vCISO and IR Services. Cyber resilience is an evolving perspective that is rapidly gaining recognition. In this episode, we discuss areas of information security, business continuity, and organizational resilience together from a CISO's and a CIO's perspective.

    Interview - Ted Harrington Discusses Hackable: How to Do Application Security Right

    Nov 16, 2020 · 25:49

    Ben Denkers, Senior Vice President of Security and Privacy for CynergisTek, sits down to talk to Ted Harrington about his new book Hackable: How to Do Application Security Right. Ted discusses what he has observed organizations doing and shares stories about some of the challenges he has seen organizations face with application security. Ted breaks down his book, which discusses lessons from the front lines of ethical hacking about how software gets broken, how it gets hacked, and what to do about it.

    Evolving threat landscape – How to Keep up (24/7 Adversary Validation)

    Nov 6, 2020 · 24:04

    Jeremy Molnar, Senior Vice President of Client Success and Solution Development, and Andrew Bindner, Senior Consultant, Red Team at CynergisTek, discuss Adversary Validation and how it is the next stage in the evolution of penetration testing.

    Why Validation of People, Process & Technology is Important

    Nov 2, 2020 · 21:41

    Do you have a good security program in place? Ben Denkers, Senior Vice President of Security and Privacy, and Dave Bailey, Director of Security Services at CynergisTek, discuss topics around validation in the cybersecurity world and why it is so important to try to keep up with today's threats. Ben and Andrew highlight effective processes and the technologies you should deploy.

    Cyber Security Awareness Month

    Oct 26, 2020 · 21:36

    National Cybersecurity Awareness Month (NCSAM) is now in its 17th year and continues to raise awareness about the importance of cybersecurity across the US. With this year's theme in mind, "Do Your Part. #BeCyberSmart", David Finn, Executive Vice President of Strategic Innovations, and Thomas Graham, VP CISO, discuss the importance of cybersecurity for your organization. Download our Security Awareness Tips Checklist, which allows you to download, customize, and share tips and best practices with your clients to give them insight on how they can protect their data.

    What is a Compromise Assessment?

    Oct 16, 2020 · 41:53

    CynergisTek has partnered with Awake Labs to discuss what a Compromise Assessment is, break down the concept, and explain why organizations should consider one. They discuss the technical capabilities and framework of a Compromise Assessment and the specific methodology used to perform one.

    Compliance Regulation Related to Interoperability - Part Two

    Oct 1, 2020 · 23:14

    CynergisTek has partnered with Healthlink Advisors for a three-part video series to discuss the considerations for healthcare providers as they relate to the regulations around information blocking, including who is impacted, what information blocking is, key dates, and what is impacted, preparing health organizations for the upcoming CMS 2020 Interoperability Rule. Watch the video series: Compliance Regulation Related to Information Blocking - Part One; Compliance Regulation Related to Interoperability - Part Two. Visit the ONC website on Core Data for Interoperability (USCDI): https://www.healthit.gov/isa/united-states-core-data-interoperability-uscdi

    Compliance Regulation Related to Information Blocking - Part One

    Sep 29, 2020 · 24:17

    CynergisTek has partnered with Healthlink Advisors for a three-part podcast series to discuss the considerations for healthcare providers as they relate to the regulations around information blocking, including who is impacted, what information blocking is, key dates, and what is impacted, preparing health organizations for the upcoming CMS 2020 Interoperability Rule. Watch the video series: Compliance Regulation Related to Information Blocking - Part One; Compliance Regulation Related to Interoperability - Part Two.

    The Rise of the Virtual Cyber Risk Officer

    Aug 28, 2020 · 22:29

    The market for virtual help is expanding. We’ve reached a level of specialization where a CISO simply cannot own all of the risk alone anymore. With the growing focus organizations have on cyber risk management, we welcome a new hat to the “risk mix”: the Virtual Cyber Risk Officer, a.k.a. a vCRO. In this episode of The Risk Perspective, CynergisTek’s EVP of Strategic Innovation (and former CIO) David Finn, along with Ryan Stewart, Manager of CynergisTek’s vCISO and IR Services, discuss the new and emerging role of a vCRO. Together they dissect the differences between vCISOs and vCROs, how they complement each other, why a vCRO is needed, and more.

    Compliance Considerations Around Mergers and Acquisitions, Part Two

    Aug 13, 2020 · 20:50

    Part two of our two-part series on mergers and acquisitions focuses on compliance considerations around M&A transactions. Together, CynergisTek’s compliance experts, Marti Arvin and Andrew Mahler, discuss compliance roles throughout an M&A process. As M&A transactions have increased during the time of COVID-19, has there been a change in focus regarding compliance when it comes to due diligence? Is it OK for Chief Compliance Officers to weigh in during a transaction if they have compliance-related concerns, and where and how can third parties help during an M&A? Marti and Andrew will address these questions and more in this episode, which serves as a follow-up to episode #4, part one, “Privacy and Compliance Considerations Around Mergers and Acquisitions, Part One”.

    Privacy & Security Considerations Around Mergers & Acquisitions, Part 1

    Aug 6, 2020 · 21:16

    In this episode of The Risk Perspective, we bring in merger and acquisition (M&A) gurus Marti Arvin (Executive Advisor at CynergisTek) and Michael Loria (EVP at Brightcove, and former VP of Business Development for the IBM Security Division). Together, they discuss security and privacy considerations when it comes to mergers and acquisitions. Who should be involved, and when? What can the tech field teach healthcare? And how can third parties help? Answers to these questions and more can be found in this easy-to-listen episode. Remember to tune in next week for Part 2, where we will dissect the compliance side of M&A.

    Ransomware Preparedness

    Jul 31, 2020 · 16:29

    Ransomware is a trending topic for healthcare in 2020. So, this week we are discussing ransomware with CynergisTek’s CEO, Caleb Barlow. Should you pay a ransom, or not? Does cyber insurance help cover anything? Is it legal to pay a ransom? Caleb answers these questions and more in this week’s episode of The Risk Perspective. Listen now to hear a CEO’s expert opinion and recommendations on how to prep and respond to ransomware at a time when it’s at an all-time high.

    The VPN Episode

    Jul 20, 2020 · 16:40

    An episode dedicated to VPN security…what more could you ask for?! Andrew Bindner joins us for an episode dedicated to Virtual Private Networks, otherwise known as VPNs. As a Senior Offensive Security Consultant of Red Team Services here at CTEK, Andrew has many conversations with clients and customers about VPN security risks. Now you too get to hear his expert recommendations. In this episode of The Risk Perspective, Andrew will address the need for VPNs, give his advice on immediate protection, discuss hardening endpoints (what is it, why is it important, and what is there to consider?), and passionately review best-practice VPN security controls. This quick listen has everything you need to learn about the importance of, and the steps to consider when, implementing a strong and secure VPN, something all organizations should consider while remote working is considered “the new normal”.

    A Fool With a Tool Is Still a Fool: There Are No Silver Bullets

    Jul 2, 2020 · 20:52

    Healthcare organizations are adding tools without the proper security frameworks in place, which is ultimately hurting their NIST scores. In this first episode of season 2 of The Risk Perspective, CynergisTek's Dave Bailey and David Finn (described as "the CTEK Statler and Waldorf") discuss what has caused NIST scores to decline over the last few years. The addition of tools, trainings, and the overall changes to threat environments are negatively impacting NIST scores. Healthcare organizations are learning the hard way that what was successful in the past isn’t going to be successful today.

    Introducing Season 2 of CTEK Voices: The Risk Perspective

    Jul 2, 2020 · 0:56

    Welcome to the 2nd season of CTEK Voices: The Risk Perspective, the podcast that brings you expert insights into today’s hot topics in healthcare cybersecurity, compliance, and privacy. Each episode of The Risk Perspective season 2 features an inside listen to the conversations between CTEK thought leaders, subject matter experts, and industry guest speakers who share their trusted risk expertise and perspectives.

    HIPAA Disclosures to the Media

    Jun 4, 2020 · 34:28

    In this episode of The Risk Perspective, we are joined by David Holtzman, Executive Advisor at CynergisTek and industry-recognized HIPAA expert. We are also excited to be joined by a new guest, Andrew Mahler, Senior Manager of Privacy and Compliance Services at CynergisTek. Andrew has a background serving as an Investigator for the U.S. Department of Health and Human Services Office for Civil Rights (OCR). Together, Andrew and David highlight and discuss major HIPAA violations in the past, speak about the importance of OCR regulations and involvement, and talk about how HIPAA disclosures to the media have changed during the time of COVID-19. This 34-minute episode deep dives into HIPAA media disclosures and is sure to benefit all listeners, from marketing specialists to CISOs. Links to content and articles: Read David Holtzman's blog 'OCR Warns Hospitals: No News Media in Treatment Areas Without Patient Authorization', written on May 27, 2020. David Holtzman was recently quoted in HealthcareInfoSecurity's article 'Inside Job at Clinics: Mobile Phone Used for Fraud', written by Marianne Kolbasuk McGee, to discuss potential risks posed by employees inappropriately using personal devices during COVID-19. For a full repository of COVID-19 crisis resources, visit our CTEK COVID-19 Communications page for news, articles, podcasts, and more. Contact us with any questions regarding the regulatory changes during the COVID-19 crisis.

    Evolution of Cybersecurity Risk Profiles: Adjusting to The New Reality

    May 28, 2020 · 17:55

    In this episode, Clyde Hewitt dives into the history of cybersecurity risk profiles, beginning with the era of paper-based health records, flowing through the evolution of risk analysis and its impact on culture, and arriving at how new and more frequent threats are creating bigger impacts that pre-existing risk models don't necessarily hold up to. Clyde then explains what can be done to counter risk in today's new reality.

    Compliance Does Not Stop for COVID-19

    May 21, 2020 · 16:32

    Marti Arvin, Executive Advisor at CynergisTek and industry-recognized compliance thought leader, joins us for this week’s episode #19, “Compliance Does Not Stop for Covid-19”. In this episode, Marti breaks down the seven elements of an effective compliance program and applies them to the current Public Health Emergency/Coronavirus pandemic. “Covid-19 has created a crisis for every Healthcare organization. How they handle [it] is going to vary, but compliance does not stop for Covid-19” says Marti. Listen to this episode for a high-level, yet informative overview of compliance considerations your organization needs to continue during these trying times. Links: Listen to Marti Arvin's previous podcast episodes, CMS Waivers For Hospitals Under COVID-19: An overview of compliance considerations - Part I, Part II, and Part III. Download our 30/60/90 day checklist, “Planning for Incident Response During the COVID-19 Crisis: Tales on Tackling the Security Debt.”

    Even during a pandemic privacy and security must go on

    May 14, 2020 25:35


    CynergisTek's Executive Advisor Marti Arvin and first-time guest Andrew Bindner, Senior Offensive Security Consultant for CynergisTek, join us today to discuss the importance of keeping up a strong privacy and security program during a high-priority pandemic such as COVID-19. Andrew and Marti talk about why privacy and security have to go on even in the environment we find ourselves in at the moment, and they weigh the risks that an organization may face if leadership decides to minimize its privacy and security efforts. Links: Download our checklist, “Planning for Incident Response During the COVID-19 Crisis: Tales on Tackling The Security Debt”. For a full repository of COVID-19 crisis resources, visit our CTEK COVID-19 Communications page for news, articles, podcasts, and more. Contact us with any questions regarding the regulatory changes during the COVID-19 crisis.

    CMS Waivers For Hospitals Under COVID-19: An overview of compliance considerations - Part III

    May 7, 2020 16:21


    Marti Arvin joins us for part three of our series to discuss compliance considerations around the Centers for Medicare and Medicaid Services (CMS) waivers that were issued for hospitals under the Public Health Emergency. In part one of this series, Marti covers a number of the section 1135 waivers issued by CMS to support teaching hospitals, teaching physicians, acute care, and other hospitals. Marti also discusses specific waivers and the compliance considerations associated with each waiver. Links to content: Read the fourth installment of our blog series “CMS Waivers Under COVID-19: An Overview of Compliance Considerations – Part 4”. Download our 30/60/90 day checklist, “Planning for Incident Response During the COVID-19 Crisis: Tales on Tackling the Security Debt.” For a full repository of COVID-19 crisis resources, visit our CTEK COVID-19 Communications page for news, articles, podcasts, and more. Contact us with any questions regarding the regulatory changes during the COVID-19 crisis.

    CMS Waivers For Hospitals Under COVID-19: An overview of compliance considerations - Part II

    May 7, 2020 20:24


    Marti Arvin joins us for part two of our series to discuss compliance considerations around the Centers for Medicare and Medicaid Services (CMS) waivers that were issued for hospitals under the Public Health Emergency. In part one of this series, Marti covers a number of the section 1135 waivers issued by CMS to support teaching hospitals, teaching physicians, acute care, and other hospitals. Marti also discusses specific waivers and the compliance considerations associated with each waiver. Links to content: Read the second half of our blog series "CMS Waivers Under COVID-19: An Overview of Compliance Considerations – Part 2". Read the third installment of our blog series "CMS Waivers Under COVID-19: An Overview of Compliance Considerations – Part 3". Download our 30/60/90 day checklist, “Planning for Incident Response During the COVID-19 Crisis: Tales on Tackling the Security Debt.” For a full repository of COVID-19 crisis resources, visit our CTEK COVID-19 Communications page for news, articles, podcasts, and more. Contact us with any questions regarding the regulatory changes during the COVID-19 crisis.

    CMS Waivers For Hospitals Under COVID-19: An overview of compliance considerations - Part I

    May 5, 2020 27:25


    Marti Arvin joins us to discuss compliance considerations around the Centers for Medicare and Medicaid Services (CMS) waivers that were issued for hospitals under the Public Health Emergency. In part one of this series, Marti covers a number of the section 1135 waivers issued by CMS to support teaching hospitals, teaching physicians, acute care, and other hospitals. Marti also discusses specific waivers and the compliance considerations associated with each waiver. Links to content: Read the latest blog on the topic, "CMS Waivers Under COVID-19: An Overview of Compliance Considerations - Part 1". Download our 30/60/90 day checklist, “Planning for Incident Response During the COVID-19 Crisis: Tales on Tackling the Security Debt.” For a full repository of COVID-19 crisis resources, visit our CTEK COVID-19 Communications page for news, articles, podcasts, and more. Contact us with any questions regarding the regulatory changes during the COVID-19 crisis.

    Supply Chain & Third-Party Risks

    Apr 30, 2020 18:11


    Carrie Whysall, Director of Managed Security Services for CynergisTek, joins us to discuss supply chain and third-party risks and why managing the level of risk brought into your organization is so important. Carrie breaks down the impacts your organization could be facing due to the COVID-19 pandemic. She will examine the importance of vendor security management and the process of building and maintaining relationships with your vendors, so that you have a clear understanding of the services being provided and the risks that may be inherent in each vendor relationship, especially with regard to new telehealth vendors you may be using during the COVID pandemic. Carrie will also discuss what an effective VRM program entails and how your VRM program can help you determine, manage, and monitor potential third-party risks. To view Carrie's slides via Slideshare visit: https://insights.cynergistek.com/slideshares/supply-chain-and-third-party-risks-during-covid-19

    Telehealth and Remote Sites Are Here To Stay!

    Apr 28, 2020 21:34


    David Holtzman, Executive Advisor for CynergisTek, sits down to discuss how healthcare organizations can flatten the curve in the spike of cybersecurity incidents that we are seeing during the COVID-19 pandemic. He will discuss strategies to leverage training materials designed to increase the information security IQ for health care providers and administrative staff working from home or using their personal devices to access information networks. David will also explore why video conferencing and text messaging technologies that meet the requirements of the HIPAA Security Rule standards could provide healthcare organizations resilience in this exceptional time. Read David Holtzman's article "COVID-19: Tips for Secure Remote Worksites, Telehealth Video, and Messaging" for more information about telehealth and remote worksites.

    Cyber Hygiene for Clinical Equipment

    Apr 23, 2020 23:02


    Matt Dimino, Medical Device Security Consultant with CynergisTek, joins us to discuss cyber hygiene for clinical equipment and the precautions you should take while these devices are in high demand. Matt breaks down best practices and considerations healthcare delivery organizations should undertake to improve safety and reduce the threat landscape of the medical device ecosystem during the COVID-19 emergency. You may find Matt's related blog on practicing good cyber hygiene for medical equipment during COVID-19 at https://bit.ly/2VtG78l and read Matt's article on supporting medical equipment demands during COVID-19 at https://bit.ly/3au7C6d

    How HIPAA Allows Sharing PHI During The COVID-19 Emergency

    Apr 21, 2020 28:08


    David Holtzman, Executive Advisor for CynergisTek, sits down to discuss how healthcare organizations can flatten the curve in the spike of cybersecurity incidents that we are seeing during the COVID-19 pandemic. He will discuss strategies to leverage training materials designed to increase the information security IQ for health care providers and administrative staff working from home or using their personal devices to access information networks. David will also explore why video conferencing and text messaging technologies that meet the requirements of the HIPAA Security Rule standards could provide healthcare organizations resilience in this exceptional time. Podcast links: View the HHS.Gov Visio-Emergency Preparedness Disclosures chart: https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/understanding/special/emergency/emergencyprepdisclose.pdf Read a contributing article from David Holtzman, "Tips for Secure Remote Worksites, Telehealth Video, and Messaging": https://bit.ly/3br5jlz Read a recent article from David Holtzman about how OCR relaxed HIPAA Rules for COVID-19 testing sites: https://bit.ly/3eBZKmp

    Supporting Clinical Equipment During High Demand

    Apr 16, 2020 14:47


    Matt Dimino, Medical Device Security Consultant with CynergisTek, joins us today to discuss challenges that we are facing during the COVID-19 crisis, the use of medical devices, and the threat of not having enough equipment to accommodate COVID-19 patients during the crisis. Matt talks in depth about strategic measures clinical leadership, information technology teams, and clinical engineering should be taking over the next couple of months. Matt also dives into basic medical equipment and how it can be the most impactful during the COVID-19 crisis. To read more about supporting medical device equipment demands during COVID-19, read our latest blog post written by Matt at https://insights.cynergistek.com/blog/supporting-medical-equipment-demands-during-covid-19

    Telehealth Waivers: What it Means and What it Does Not

    Apr 14, 2020 18:38


    Marti Arvin, Executive Advisor at CynergisTek, joins us to talk about compliance considerations and ensuring that compliance concerns don't slip around telehealth and the coronavirus (COVID-19) outbreak. Marti breaks down the recent announcements from DHHS, OCR, and CMS and discusses what was in place pre-COVID and what has changed with the COVID crisis. You may read the latest blog post on the subject at https://insights.cynergistek.com/blog/telehealth-and-coronavirus-compliance-considerations-to-think-about and the blog post "OCR Allows Internet Apps for Telehealth During COVID-19 Emergency" at https://insights.cynergistek.com/blog/ocr-allows-internet-apps-for-telehealth-during-covid-19-emergency

    Incident Response: Change in Time of a Crisis #6

    Apr 9, 2020 15:27


    COVID-19 is changing the way organizations prepare for and respond to an incident. To address this, Marti Arvin and Clyde Hewitt are recording a mini-series on incident response. In this podcast, they discuss what must change as a result of becoming a remote workforce. To read more about incident response, read our latest blog: https://insights.cynergistek.com/blog/preparing-for-incident-response-with-a-remote-workforce

    Incident Response: Change in Time of a Crisis #5

    Apr 9, 2020 21:26


    COVID-19 is changing the way organizations prepare for and respond to an incident. To address this, Marti Arvin and Clyde Hewitt are recording a mini-series on incident response. In this podcast, they discuss what must change as a result of becoming a remote workforce. To read more about incident response, read our latest blog: https://insights.cynergistek.com/blog/preparing-for-incident-response-with-a-remote-workforce

    Incident Response: Change in Time of a Crisis #4

    Apr 9, 2020 14:20


    COVID-19 is changing the way organizations prepare for and respond to an incident. To address this, Marti Arvin and Clyde Hewitt are recording a mini-series on incident response. In this podcast, they discuss what must change as a result of becoming a remote workforce. To read more about incident response, read our latest blog: https://insights.cynergistek.com/blog/preparing-for-incident-response-with-a-remote-workforce

    Incident Response: Change in Time of a Crisis #3

    Apr 7, 2020 30:51


    COVID-19 is changing the way organizations prepare for and respond to an incident. To address this, Marti Arvin and Clyde Hewitt are recording a mini-series on incident response. In this podcast, they discuss what must change as a result of becoming a remote workforce. To read more about incident response, read our latest blog: https://insights.cynergistek.com/blog/preparing-for-incident-response-with-a-remote-workforce

    Incident Response: Change in Time of a Crisis #2

    Apr 7, 2020 14:56


    COVID-19 is changing the way organizations prepare for and respond to an incident. To address this, Marti Arvin and Clyde Hewitt are recording a mini-series on incident response. In this podcast, they discuss what must change as a result of becoming a remote workforce. To read more about incident response, read our latest blog: https://insights.cynergistek.com/blog/preparing-for-incident-response-with-a-remote-workforce

    Incident Response: Change in Time of a Crisis #1

    Apr 7, 2020 23:26


    COVID-19 is changing the way organizations prepare for and respond to an incident. To address this, Marti Arvin and Clyde Hewitt are recording a mini-series on incident response. In this podcast, they discuss what must change as a result of becoming a remote workforce. To read more about incident response, read our latest blog: https://insights.cynergistek.com/blog/preparing-for-incident-response-with-a-remote-workforce

    Continuing User Access Monitoring During This Crisis

    Apr 3, 2020 5:38


    Marti Arvin, Executive Advisor for CynergisTek, sits down to talk about user access monitoring, the things that organizations should be doing on a routine basis, and their importance during the COVID-19 crisis. To view this in video format while listening to this episode, visit https://youtu.be/4cW93dpmPDo. Read Marti's blog "User Access Monitoring in the Current COVID-19 Crisis".
