HIPAA Security Rule NPRM: Encryption, MFA, and the End of 'Addressable'
OCR's December 27, 2024 NPRM removes the addressable/required distinction and mandates encryption, MFA, semi-annual vulnerability scans, and annual penetration tests for ePHI.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Black Basta encrypted Ascension's network on May 8, 2024 via a malicious file downloaded by an employee, diverting ambulances across 140 hospitals and ultimately notifying 5.6 million patients.
Electronic Health Record platforms carry decades of transitive dependencies. A practical governance model for hospitals, vendors, and compliance officers.
HIPAA's Security Rule is thin on supply chain specifics. HITRUST CSF fills the gap with prescriptive third-party and software controls. Here's how the two frameworks intersect and how to build a program that satisfies both.
In February 2024, a ransomware attack on Change Healthcare paralyzed the U.S. healthcare payment system for weeks and ultimately exposed the personal health data of over 100 million Americans, making it the largest healthcare data breach ever recorded.
The BlackCat/ALPHV ransomware attack on Change Healthcare caused the largest healthcare IT disruption in U.S. history, affecting pharmacies, hospitals, and insurance claims processing nationwide.
In December 2023, Norton Healthcare disclosed that a May ransomware attack by the ALPHV/BlackCat group had compromised personal and medical data of 2.5 million patients, revealing the devastating impact of ransomware on healthcare.
Medical devices and healthcare IT systems depend on software with hidden vulnerabilities. Here's how SBOMs and supply chain security intersect with HIPAA.
HIPAA's Security Rule requires safeguards that extend to software dependencies. Here's what health tech developers and vendors need to address.