Patient health information is governed by robust rules that determine how this data is handled, stored, and accessed. Federal laws, such as the Health Insurance Portability and Accountability Act (HIPAA) and various state laws strengthen patient rights. HIPAA set a baseline for regulatory compliance with patient health information. Under the “preemption” language in the rule, no state may create less effective or weaker medical privacy protection for individuals.

This is a guest blog by Kim Crawley. I’ve worked in cybersecurity for about a decade, but I’ve been autistic for my entire life. Careers usually start in adulthood, but autism is something children are born with. And contrary to what some people assume, autism doesn’t disappear at age 18. Autism is for life. Unfortunately, once autistic people become adults, services become a lot less plentiful.

Ransomware hit Louisiana’s state government hard yesterday, shutting down multiple websites and email systems after it fell victim for the second time in just a few months to a ransomware attack.

This is a follow-up/continuation to Part One of the series, where I recommend reading to help provide some background into why we should all consider reviewing our OPSEC (Operational Security), not just those with something to hide. Have you actually thought about how much you are tracked on a daily basis? Think about everything you post on social media, what you search, the apps that are generating metadata (with or without your consent), what your phone knows about you.

According to IBM, it takes an average of 197 days to detect a breach. Today's attackers go above and beyond to evade alerting capabilities and make it look like they were never there. While that number tends to be shorter for Insider Threats, Insiders also tend to be much better at deception and covering their tracks as well.

NIST CSF stands for the National Institute of Standards and Technology Cybersecurity Framework. The NIST CSF consists of best practices, standards, and guidelines to manage cybersecurity program risk. This voluntary framework is divided into three primary parts: the framework core, profiles, and tiers. The NIST CSF core comprises five functions, where each function are further broken down into categories and subcategories. There are currently 23 categories and 108 subcategories in the NIST CSF.

Learning how to optimize your website can be a challenge. At one time, it was only about figuring out what Google wanted, which was largely keywords. Now, it’s much more complex. Google is focused on not only delivering high-quality, relevant search results, but also on protecting people from malware and unscrupulous websites. Not only that, a hack of your website by others can give Google false information that directly impacts your rankings.

As enterprises adopt cloud-first or cloud-native strategies, Kubernetes is by far the most important strategic consideration. At the same time, for the large subset of these enterprises which take payment from consumers, PCI DSS has never been more critical. More than ever, enterprises have to pay attention to data security (and their commitment to improving security posture) in order to meet compliance requirements. So what has to change to meet compliance in a Kubernetes-based environment?

One of the main benefits to standardized infrastructure is the ability to share application resources across entities. We are taking advantage of this with the Cloud Native Security Hub as we start to explore how to standardize cloud native security.