healthcare-security
Safeguard articles tagged "healthcare-security" — guides, analysis, and best practices for software supply chain and application security.
11 articles
The HIPAA Security Rule for Software Teams: Safeguards, Structure, and Change Ahead
The HIPAA Security Rule is technology-neutral by design, but its administrative, physical, and technical safeguards translate into concrete engineering work. Here's how the rule is structured and how a proposed 2025 overhaul could tighten it.
HIPAA compliance for developers: securing the software supply chain
HIPAA does not name your open source dependencies, but its Security Rule holds you responsible for them. Here's what developers building health-tech actually need to do.
HIPAA requirements and application security
HIPAA's Security Rule ties ePHI protection to application security, but scanner tools like Checkmarx rarely map findings to 45 CFR safeguards. Here's what compliance teams actually need.
Ransomware vs. Hospitals: The 2026 Healthcare Surge and the Push to Call It Terrorism
Healthcare ransomware dipped in volume in May 2026 but kept climbing in impact, and a former FBI cyber chief is asking Congress to treat hospital ransomware as terrorism. We weigh the policy debate against what actually protects patients.
HIPAA application security validation testing
A 2025 HHS rule proposes fixed testing cadences for HIPAA. Heres what security testing requirements demand now, and how Safeguard closes the gaps Veracode leaves.
HIPAA compliance in software development
HIPAA compliance in software development means encryption, access logging, and vulnerability management baked into the SDLC — not paperwork. Here's what engineers must build.
HIPAA compliance requirements for covered entities
What covered entities actually need under HIPAA's Privacy, Security, and Breach Notification Rules—and why compliance dashboards alone won't satisfy an OCR audit.
Software supply chain security for medical devices
How FDA premarket cybersecurity rules, medical device SBOMs, and firmware vulnerabilities like Ripple20 and SweynTooth are reshaping supply chain security for connected medical devices.
HIPAA compliance and software composition analysis for he...
HIPAA doesn't name software composition analysis, but auditors increasingly expect it. Here's how healthcare teams use SCA to manage third-party risk and protect ePHI.
Buyer's guide: selecting an SBOM tool for medical device ...
A buyer's guide comparing SBOM and SCA tools for medical device makers navigating FDA cybersecurity requirements, with honest vendor strengths and limitations.
HIPAA and Third-Party Software Components: A Developer Guide
HIPAA never mentions npm, but a vulnerable dependency in an ePHI system is a Security Rule problem. How risk analysis, patching, and BAAs map to your dependency tree.