5 Min Read November 12, 2019

HIPAA Compliance Tips & Best Practices — Training Considerations

What kind of training does your organization need to support HIPAA compliance? A good way to start answering this question is to reference the Department of Health & Human Services (HHS)’s own words:

“The HIPAA Rules are flexible and scalable to accommodate the enormous range in types and sizes of entities that must comply with them. This means that there is no single standardized program that could appropriately train employees of all entities.” [Emphasis added. Ed.]

The standards for training are flexible. But training itself is mandatory: Training is an Administrative requirement of the HIPAA Privacy Rule (45 CFR § 164.530) as well as an Administrative Safeguard of the HIPAA Security Rule (45 CFR § 164.308).

2 Min Read November 7, 2019

Meet Threat Stack at AWS re:Invent 2019

Join Threat Stack at re:Invent 2019
December 2–5
Sands Expo Convention Center
Las Vegas, NEV

AWS re:Invent 2019 fires up on Monday, December 2, and it’s going to be a fantastic show. Once again, Threat Stack is a proud sponsor, and we’re bringing a great team to the event! If you’re going to attend, make sure you stop by our booth to say Hello!

8 Min Read October 31, 2019

Testing Tool Profile: Why Threat Stack Uses ThoughtWorks Gauge

Threat Stack has numerous tests running daily, verifying that things are working as expected in our Threat Stack Cloud Security Platform®. To supplement the Software Engineers’ unit and integration tests, our Test Engineering team has created the following as part of our automated regression test suite:

7 Min Read October 29, 2019

HIPAA Compliance Tips & Best Practices — Factors to Consider When Developing Effective Policies & Procedures

Our last post on HIPAA compliance — HIPAA Compliance Tips & Best Practices — Building Your Foundational Knowledge — provided expert insights that are designed to help healthcare providers and business associates develop their foundational knowledge of HIPAA regulations and requirements. Today’s post offers insights into how an organization can achieve effective governance by translating its understanding of HIPAA into effective operational policies and procedures.

4 Min Read October 24, 2019

How to Create a Security Risk Assessment for Containers in 5 Steps

When adopting containers, organizations need to create a risk profile for the types of threats and vulnerabilities they expect to experience. This type of analysis is especially important with containers, since the attack surface increases significantly, while the level of security visibility across hosts, containers, and the infrastructure control plane decreases.

For example, one of the most prominent attack scenarios in containers is the idea of blast radius. After the initial point of compromise, an attacker can escalate privileges quickly to gain control of other containers in the cluster. Since attackers are looking for the greatest returns for the least amount of effort, a vulnerable Kubernetes or Docker cluster may be a great place to strike quickly and do a lot of damage across a wide attack surface.

New, sophisticated attacks on cloud infrastructure emerge every day. But if you follow the five steps outlined below to create a cybersecurity risk assessment, you can anticipate where your organization may be most vulnerable and strengthen your system’s security accordingly before an attacker gets the chance to strike.

11 Min Read October 22, 2019

HIPAA Compliance Tips & Best Practices — Building Your Foundational Knowledge

The last few years have seen a number of failures in the field of HIPAA compliance and fines that would put many smaller-scale practices out of business. While an increase in the use and sharing of electronic patient data accounts for many HIPAA compliance issues, the bottom line is that too many organizations are leaving themselves vulnerable to data protection breaches in ways that are fundamentally avoidable.