• Reset
hipaa privacy rules

HIPAA privacy rules for non-covered entities

HIPAA data governance extends beyond doctors and healthcare providers to most entities providing services in the healthcare area. Understanding the role and responsibilities of the service providers is essential. The American Medical Association (AMA) now requires non-HIPAA-covered entities to protect sensitive Patient Health Information (PHI) they collect. In this third blog of our HIPAA blog […]

read more
electronic health records HIPAA

Electronic health records: necessary security safeguards

Second in our HIPAA blog series, this post takes a closer look at HIPAA’s technical safeguards. For starters, there are five technical safeguards as outlined in the HIPAA Security Rule.  The primary purpose of these safeguards is to help healthcare providers ensure that electronic Protected Health Information (ePHI) is safe from data breach and security-related […]

read more
EA breach

EA data breach: what happened & how it could have been prevented

Last week, news broke that games publisher Electronic Arts (EA) fell victim to a data breach. While EA won’t say when the incident occurred, the ramifications are clear: the malicious actors made off with a whopping 780gb of data. While no player’s personal data was compromised in the breach, among the stolen data were source […]

read more
data breach risks in Microsoft teams

Data breach risks from Microsoft Teams

Microsoft Teams has rapidly turned out to be the to-go-to application for remote work, accelerating exponentially in usage over the last twelve months. Teams boasts an impressive 145 million active daily users, marking a 26 percent increase up from 115 million daily active users in October 2020. However, despite the intrinsic trust, the success of […]

read more
SASE definition

Secure access service edge: What is SASE?

The Software-as-a-Service (SaaS) industry is forecast to generate $157 billion by 2022, as more and more organizations move their workloads to the cloud and embrace the world of hybrid work.  As companies increase their dependency on the cloud, however, they will likely experience latency and cost issues. This is because the traditional way of backhauling traffic through […]

read more

HIPAA deep dive series: when is patient authorization not needed for sharing personal data?

HIPAA has strict rules governing patient data storage and sharing. However in limited circumstances, the HIPAA Privacy Rule allows a covered entity to use or disclose a patient’s Protected Health Information (PHI) without prior written authorization.  First in our series of HIPAA in-depth blog posts, this piece looks at circumstances under which you don’t require […]

read more
what is zero trust

What is the principle of zero trust security?

Zero trust security is an IT security model centered around the concept that organizations should verify every person and device attempting to access their systems and data, whether they are inside or outside the network perimeter, before permitting access. In essence, it’s the idea that no digital entity can simply be trusted to be who […]

read more
colonial pipeline breach

Colonial Pipeline data breach; document malware likely cause

Colonial Pipeline got hacked recently. The cyberattack that forced the United States’ largest gasoline pipeline shutdown has triggered fresh questions about the vulnerability of the country’s vital infrastructure and businesses at large to cybercriminals. The breach at Alpharetta, Ga.-based company, is the latest high-profile cyberattack reminder that many of the nation’s businesses aren’t prepared to […]

read more

How remote work setups can lead to higher risks of sensitive data leaks

The benefits of a distributed, remote workforce are plentiful for organizations. From low costs to improved employee wellbeing, it’s easy to see why many companies are planning to let their employees work remotely even after the pandemic ends.  However, remote working also presents unique cybersecurity challenges. As employees communicate and collaborate across different cities, states […]

read more

Current trends in phishing emails

Phishing is the single most important risk for employees to introduce malware within organizations. Effective training to spot this risk in incoming emails is table stakes for all organizations, no matter the size. This article synthesis the latest research on what phishing email look like and tips on improving your company’s risk posture. According to […]

read more
When documents attack

When documents attack: malware inserted in attachments

Document-based malware is pretty common these days. An email analysis by Barracuda Networks revealed malware hidden in documents accounts for over 50 percent of all malicious files.  This trend appears to be gaining momentum as cyber crooks continue to spam documents, according to WatchGuard, a tech security company. While these documents look legit, they come […]

read more

Subscribe to Polymer blog