HIPAA Security Rule for dummies

HIPAA (Health Insurance Portability and Accountability Act) is a 1996 federal law that seeks to protect the medical information of patients. To achieve this, it lays down certain compliance requirements for covered entities. In the context of HIPAA, covered entities are the organizations to which HIPAA applies. Under Title II of this act, the US …

Penetration testing and vulnerability scanning for GDPR

GDPR marked its second anniversary in May this year. In one of our earlier articles, we discussed how the NYDFS Cybersecurity Requirements for Financial Services Companies is a rare regulation that explicitly mentions penetration testing and vulnerability assessments. Unlike NYDFS, GDPR does not explicitly cover either of these, which leads to a lack of clarity. In …

BreachLock Guide on NYDFS Cybersecurity Regulation

The level of threat posed to IT systems by attackers with malicious intent (or independent criminal actors), nation-states, and terrorist organizations is increasing exponentially. With the ever-growing attack surface area, cybercriminals are actively looking for vulnerabilities in technical systems. These vulnerabilities are then exploited to gain access to sensitive electronic data. Based upon this line …