Our Blog

Insights

RESULTS FOR: Data Privacy

Change Healthcare Ransomware Attack: 10 Lessons Learned

April 2, 2024 | Cyber Security

Why does it matter to you?

In February of 2024, Change Healthcare, a prominent player in the healthcare industry, fell victim to a ransomware attack that sent shockwaves through its systems and networks. The incident highlights the critical need for robust cybersecurity measures and vigilance across all organizations, regardless of their size.

How they did it – Anatomy of the Attack 

Exploiting Weaknesses – The attackers meticulously identified vulnerabilities within Change Healthcare’s infrastructure. The weaknesses ranged from outdated software …

Unlocking the Power of Precision: Data Quality and Accessibility for Corporate Security Departments

February 15, 2024 | Security Consulting

Amidst the relentless waves of pandemic-induced uncertainty, organizations found themselves at a crossroads, compelled to reimagine how their businesses operated. For example, when stay-at-home orders continued to be extended for the foreseeable future, many organizations began to reevaluate their commercial real estate strategy. Senior executives sought data points from their Corporate Security departments to help companies better navigate a precarious risk environment against the backdrop of public health challenges and economic uncertainty. As office attendance plummeted, these leaders …

New EU-U.S. Data Privacy Framework Legalizes Personal Data Transfers from the EU to US

August 1, 2023 | Privacy

What happened?

On July 10, 2023, the European Commission announced that it had adopted its adequacy decision for the EU-U.S. Data Privacy Framework (EU-U.S. DPF). This long-awaited decision means that for the first time since the EU-U.S. Privacy Shield was invalidated nearly three years ago (and other transfer mechanisms were called into question), there is a clearly established mechanism to transfer personal data from the EU to U.S. companies in compliance with the EU’s General Data Protection Regulation (GDPR).…

Lines of Authority: The Critical Need for Role Clarity in Information Security Compliance

July 19, 2023 | Compliance Risk + Compliance

Clearly defined roles and responsibilities are an essential component of an effective compliance program. Failure to adequately assign responsibility can lead to gaps in compliance coverage and a lack of accountability.

In a recent NAVEX survey, 76% of the respondents indicated that the compliance function in their infosec compliance group is not an independent Compliance department reporting to the chief executive officer or board of directors (for instance, it reports up through IT/data security/data privacy, Legal or Human Resources).

When …
