Derek Reed

🚓 CJIS compliance doesn’t have to be a checkbox exercise. The City of Marietta, GA turned a security requirement into a workflow win by boosting productivity, simplifying access, and strengthening security with Imprivata Enterprise Access Management (EAM). 👉 Read the full story: https://ow.ly/TPyI30sQQFr

5

🔐 Strengthen Your Security Posture with NIST-Based Risk Assessments Healthcare organizations face relentless cyber threats and regulatory pressure. The question isn’t if you’ll be assessed—it’s whether your program can stand up to scrutiny. Why NIST matters: Provides a proven framework for identifying, prioritizing, and mitigating risks. Aligns with HIPAA, OCR, and industry best practices for healthcare security. Builds a roadmap for resilience—not just compliance. How Meditology helps: Our NIST-based Security Risk Assessment service delivers: ✅ Comprehensive gap analysis against NIST CSF ✅ Actionable remediation plans tailored to healthcare environments ✅ Executive-ready reporting for board and audit committees Ready to turn risk into resilience? DM or email me at shannon.lavett@meditologyservices.com. #HealthcareCybersecurity #NIST #RiskAssessment #HIPAACompliance #MeditologyServices

10

A must-listen anytime ReliaQuest's CTO Joe Partlow talks. If you’re at RSAC, this is one worth catching. #ReliaQuest #RSAC2026 #AgenticAI #SecurityOperations

5

𝐓𝐞𝐱𝐚𝐬 𝐡𝐞𝐚𝐥𝐭𝐡𝐜𝐚𝐫𝐞 𝐥𝐞𝐚𝐝𝐞𝐫𝐬 — 𝐢𝐟 𝐲𝐨𝐮'𝐫𝐞 𝐚𝐭 𝐭𝐡𝐞 #𝐓𝐎𝐑𝐂𝐇 𝐒𝐩𝐫𝐢𝐧𝐠 𝐂𝐨𝐧𝐟𝐞𝐫𝐞𝐧𝐜𝐞 𝐭𝐡𝐢𝐬 𝐰𝐞𝐞𝐤, 𝐜𝐨𝐦𝐞 𝐟𝐢𝐧𝐝 𝐮𝐬 𝐚𝐭 𝐁𝐨𝐨𝐭𝐡 #120. 🏥 We're not there to hand out brochures. We're there because healthcare orgs across the state are dealing with the same thing — infrastructure that can't keep up, security concerns that keep you up at night, and clinical demands that aren't slowing down. That's the work we live in every day at Weaver Technologies. My marketing manager Rachel Stewart will be on-site — stop by, say hello, and let's figure out if there's a conversation worth having.#Vamos #TORCHConference #HealthcareIT #DellTitaniumPartner #Cybersecurity #TexasHealthcare #WeaverTechnologies #InfrastructureModernization

3

CIO Partners, Inc. has been selected by TridentCare as their exclusive partner to lead their search for the role of Vice President, IT Infrastructure and Operations, located in Greater Philadelphia, or Austin, San Antonio, or Dallas, Texas. TridentCare is the leading national provider of portable diagnostic services—including Xray, ultrasound, cardiac monitoring, vascular access, and laboratory services—delivered to patients wherever they reside, from homes and assisted living to skilled nursing and other care settings. With deep clinical expertise and a broad geographic footprint, TridentCare partners with healthcare providers to reduce avoidable transfers, improve care coordination, and enhance patient experience. Reporting to the Chief Information Officer, the Vice President oversees all core infrastructure and operations functions (data centers, cloud platforms, network, end-user computing, service desk, and core IT platforms, etc.), ensuring secure, compliant, and cost-effective delivery of IT services that enable TridentCare’s growth, operational excellence, and strategic objectives. #vpofit #itinfrastructure #itleadership #executivelevel https://lnkd.in/ddb87B3

31

2 Comments

Exploring MSP vs MSSP? IDAC's Jim McDonald and Jeff Steadman join Mike Reiring to discuss AI’s impact on IT ops & security—and how creativity fuels tech learning. https://rsm.buzz/48H1Y1U

1

MDR Explained: 24/7 Cybersecurity Protection and Threat Response We unpack Managed Detection and Response (MDR), the cybersecurity solution that provides 24/7 protection. Discover how MDR combines advanced tools with human expertise to monitor systems, analyze threats, and provide real-time responses, including enhanced Microsoft 365 sign-in security. #MDR #Cybersecurity #ManagedDetectionAndResponse #CybersecuritySolutions #ThreatDetection #EndpointSecurity #Microsoft365Security #ITSecurity #CyberThreats #DataProtection

1

Senior cyber security advisor Christopher McGrath joins Jason Soroko and me on the Root Causes Podcast to discuss redefining digital certificates and their role in your organizational security profile, increasing regulation of certificates, and how enterprises can up their certificate game. Audio: https://lnkd.in/gqw3EBaT Video: https://lnkd.in/gKcuQiZd

31

Which 19 CIS Security Controls do you need to meet to achieve HB96 compliance? Look no further than this 👇 Below is a deep dive into the specific CIS Safeguards required to meet each pillar of HB 96. 1. Risk & Critical Function Identification * Safeguard 1.1: Establish and maintain a detailed, up-to-date inventory of all enterprise assets with the potential to store or process data. * Safeguard 2.1: Maintain a detailed inventory of all licensed software, including its business purpose. * Safeguard 3.1 & 3.7: Establish a data management process and a classification scheme (e.g., Sensitive, Confidential, Public) to identify and prioritize the protection of critical data. 2. Threat Detection Mechanisms * Safeguard 7.1: Establish a vulnerability management process to track and remediate known flaws in assets. * Safeguard 8.1 & 8.2: Establish an audit log management process and ensure logging is enabled across all enterprise assets to detect anomalies. * Safeguard 10.1 & 10.2: Deploy anti-malware software on all assets and configure automatic signature updates to detect new threats. 3. Incident Response Procedures * Safeguard 17.1: Designate at least one key person (and a backup) to manage the incident handling process. * Safeguard 17.3: Establish a clear process for the workforce to report potential security incidents immediately. * Safeguard 6.2: Establish a process to revoke access immediately upon termination or role change to prevent "insider threats" during a crisis. 4. Infrastructure Recovery & Maintenance * Safeguard 11.1: Establish a data recovery process that prioritizes systems based on business value. * Safeguard 11.2: Perform automated, regular backups (at least weekly) for all in-scope assets. * Safeguard 11.4: Maintain an isolated instance of recovery data (offline or cloud) to ensure backups remain uncorrupted during ransomware attacks. * Safeguard 4.1: Maintain a secure configuration process for all assets to ensure systems are repaired back to a known "secure" state rather than their vulnerable defaults. 5. Mandatory Training * Safeguard 14.1: Establish a security awareness program with training at hire and annually. * Safeguard 14.2: Train all workforce members specifically to recognize social engineering (e.g., phishing, pre-texting). * Safeguard 14.4: Train the workforce on data handling best practices, including locking screens and erasing whiteboards. There you have it. You don't need to worry about all 56 CIS-IG1 safeguards to meet HB96 compliance. Looking for even less worry? Send me a message, and let's talk about how Vinson Protect can help you meet your HB96 compliance requirements. https://lnkd.in/gtJcYtaR

4

Most healthcare systems walk into M&A with too many tools and too few efficiencies.  Without a centralized IAM strategy, organizations pay for:  ❌ Duplicate licenses  ❌ Help desk overload  ❌ Security response costs  ❌ Audit prep chaos  But with the right identity framework, they can:  ✔ Cut IT ops by 25% (Gartner, 2022)  ✔ Save $70/user/year in support costs (Okta, 2022)  ✔ Reduce audit effort by 40% (IDC, 2023)  👉 The numbers speak for themselves: https://lnkd.in/eNndwvjy

1

New on the One Guy Consulting blog: Ransomware Protection for Healthcare.  Healthcare organizations remain a high-value ransomware target, and effective  preparation requires both strong preventive controls and a practical response  plan. In this article, we break down the fundamentals: layered security,  immutable backups, and the critical first-hour actions that help protect  patient care and business continuity. Please read the full post on our website to further the discussion in the comments below - https://lnkd.in/eC4aewu2

1

Insight worth sharing from our Propulsion partners!     HIPAA compliance isn’t just for hospitals—it matters for every IT provider, MSP, and business handling healthcare data. This practical guide explains what HIPAA means, who it applies to, and how to protect patient information through smart, scalable safeguards.     💡 A must-read for organizations aiming to strengthen data privacy and compliance.     👉 Read the full guide here: 

1

📋 MSSP 2026: Minor Updates, Where to Look for Major Innovation Following up on the ASM discussion, here's my cliff notes version of MSSP updates in the proposed 2026 PFS and where might we look for the future of value-based care. 𝗠𝗦𝗦𝗣 𝗨𝗽𝗱𝗮𝘁𝗲𝘀 (𝗠𝗼𝘀𝘁𝗹𝘆 𝗠𝗶𝗻𝗼𝗿): Risk Progression Changes: → One-sided risk period shortened from 7 to 5 years max (starting 2027) → 5K beneficiary minimum only required in 3rd benchmark year for new agreements → Falling below threshold = BASIC track only with capped savings/losses Administrative Updates: → Real-time reporting required for participant/SNF changes during performance year → Cyberattacks now qualify for relief from quality/financial performance requirements → Health equity adjustment to quality scores discontinued (PY 2025) Quality & Measurement Refinements: → Social drivers screening removed from APP Plus measures → CAHPS survey shifts to web-mail-phone format (2027) → Primary care services expanded to include behavioral health add-ons → Stronger quality monitoring and enforcement starting 2026 𝗠𝗜𝗣𝗦 𝗔𝗣𝗠 𝗖𝗹𝗮𝗿𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻: Starting Payment Year 2026, Qualifying APM Participants receive a higher annual PFS conversion factor (0.75% vs. 0.25% for non-QPs). 𝗪𝗵𝗲𝗿𝗲 𝘁𝗼 𝗟𝗼𝗼𝗸 𝗳𝗼𝗿 𝗜𝗻𝗻𝗼𝘃𝗮𝘁𝗶𝗼𝗻: New CMMI Model Potential: Since major changes to MSSP must be tested first through new models, could CMMI be developing a breakthrough model that tests both enhanced risk adjustment methodologies AND AI-enabled care delivery? This dual innovation could provide a compelling alternative to ACO REACH—combining more accurate risk prediction with intelligent care coordination. The SaaS Connection: Both proposed PFS and OPPS/ASC rules specifically request input on Software-as-a-Service costs. This isn't coincidental—it could signal potential new models that could integrate AI platforms within traditional FFS structures while testing next-generation risk adjustment. Industry Implication: For ACO leaders expecting major MSSP evolution—look to new CMMI models, not incremental rule changes. The substantive transformation we need will likely emerge through dedicated model testing before integration into the main MSSP program. 𝗞𝗲𝘆 𝗤𝘂𝗲𝘀𝘁𝗶𝗼𝗻: Are these incremental MSSP changes creating stability while CMMI develops a breakthrough model that could eventually transform the entire ACO landscape? For ACO leaders: The shortened risk timeline and beneficiary flexibility suggest CMS wants more organizations testing value-based arrangements - not fewer barriers to entry, but clearer pathways to accountability. 💭 What's your read on these signals? Are we seeing setup for a major VBC evolution, or tactical refinements to current programs? #MSSP #ACO #ValueBasedCare #CMS #CMMI #HealthcareInnovation #PaymentReform

21

1 Comment

Attacks on healthcare are getting more and more frequent, especially with global tensions rising. Not to mention, many attacks are sitting quietly gathering data for a later date. The only way to stop these attacks is by ensuring vulnerabilities are handled more quickly than they can be exploited. Message me to discuss how InfoSight can help with continuous IT/IoT/IOMT monitoring and vulnerability management.

4

"Creating an asset inventory is necessary for building a modern defensible architecture and one of CISA’s Cybersecurity Performance Goals." Last week, CISA and their partner agencies released the Foundations for OT Cybersecurity: Asset Inventory Guidance. This document takes a look at creating and maintaining a defensible OT asset inventory which can only be done when organizations have a full picture of the environment. For the last 20 years Industrial Defender has taken the "what" in the CISA guidance and helped deliver the "how:" ✅Discover & Collect Safely identify every connected OT asset either legacy, proprietary, and modern, without disrupting operations. Automatically capture high-priority fields like IP/MAC, manufacturer, firmware, OS, ports, and user accounts. ✅Classify & Organize Map assets into a framework and assign criticality, and visualize dependencies with automated mapping. ✅Centralize & Secure Maintain a single source of truth for OT assets with role-based access, change tracking, and encrypted storage. ✅Correlate & Protect Cross-reference the inventory with CISA’s Known Exploited Vulnerabilities (KEV) and MITRE CVE data to identify risks fast — and trigger alerts in real time. ✅Sustain & Improve Integrate with maintenance systems, and continuously refine your inventory with automated change detection. 👏 Great work by the CISA team! Full Link: https://lnkd.in/edriKWUu

48

2 Comments

Is your Raleigh practice struggling to provide secure, flexible access for providers working from home or satellite locations? 🌐 For dental and medical offices, unsecured remote desktop connections are a major threat to patient data privacy and HIPAA compliance. IT Practice implements Zero Trust Remote Access Solutions. We move beyond traditional VPNs, requiring strict verification for every user and device attempting to access your network. This granular control ensures staff can work efficiently from anywhere while maintaining the highest level of data protection. Work flexibly, stay secure. 🛡️ Implement a modern, ultra-secure remote access framework tailored for healthcare compliance. #WorryFreeIT #DentalIT #MedicalIT #ZeroTrust #RemoteAccess #Cybersecurity #HIPAASecurity #RaleighNC #LocalBusiness

1