In its second annual Velocity healthcare data breach report, Stern Security has critically analyzed over 5,000 data breaches since the Department of Health and Human Services (HHS) began tracking the information in 2009. Stern Security utilized data from their HealthcareBreaches.com website as well as published information from HHS to create this comprehensive study. Stern Security […]
What is 405(d) HICP? 405(d) Health Industry Cybersecurity Practices (HICP) is a healthcare cybersecurity framework created out of a congressional mandate from the Cybersecurity Act of 2015. Section 405(d) of this mandate aims to strengthen the cybersecurity posture of the healthcare and public health sector. A collective called the 405(d) Task Force was formed from […]
In its first annual healthcare data breach report, Stern Security has critically analyzed over 4,000 data breaches since the Department of Health and Human Services began tracking the information in 2009. Stern Security utilized data from their HealthcareBreaches.com website as well as published information from Health and Human Services to create this comprehensive report. This […]
Healthcare breaches have recently reached a grim milestone. As of June 10th, 2022, the number of Protected Health Information (PHI) records breached has reached 341,995,928. To put this in perspective, this number surpasses the United States population, which is at 332,759,097 (United States Census Bureau, 2022). It must be noted that these numbers only include reported healthcare […]
Introduction Velocity helped a large hospital system quadruple the speed of third-party risk assessments, increase accuracy of reviews, create a continuous assessment process, and track internal risk using the Center for Internet Security (CIS), NIST Cybersecurity Framework (CSF), and the HIPAA Security Rule. Background The hospital was struggling to manually review hundreds of vendor (business […]
Stern Security’s Founder and Principal, Jon Sternstein, presented at the 2019 NCHICA Incident Response 101 Forum. His presentation was titled “Creating the Incident Response (IR) Plan Using Playbook Scenarios”. The full presentation can be read below. Presenter: Jon Sternstein. August 2nd, 2019. Research Triangle Foundation, 12 Davis Drive, Research Triangle Park, NC
The 2019 Academic Medical Center Conference featured a presentation by Vidant Health cybersecurity leadership alongside Stern Security’s leadership. The presentation was titled, “Healthcare Security Project Strategies” and covered several major healthcare security projects with details about what worked and which strategies made the projects successful. Presenters: Kirk Davis & Jerry Hare (Vidant Health), Jon Sternstein […]
The September 2017 (Volume 15 Issue 9) edition of the ISSA Journal features an article by our Founder and Principal, Jon Sternstein. The title of the story is “Healthcare Security Ailments and Treatments the World Needs to Know” and provides valuable insight into healthcare data breaches. All of the graphs shown can be recreated on […]
At the August 2016 NCHICA Annual Conference, Chuck Kesler (CISO, Duke Health) & Jon Sternstein (CEO, Stern Security) teamed up to present on the ransomware threat in healthcare.
Background On January 22nd, 2016, the Food and Drug Administration released a draft guidance document titled “Postmarket Management of Cybersecurity in Medical Devices” (Food and Drug Administration). This important document addresses the need for security throughout the lifecycle of several medical devices. Improving medical device security is a subset of President Obama’s February 19th, 2013 […]