Does CMMC Immunize You to Ransomware?

While ransomware has been around for a while, it has absolutely SURGED in the past year. In part, this is due to the move to work-from-home environments, as well as the emergence of ransomware-as-a-service (RaaS) – which enables less sophisticated cybercriminals to execute a ransomware attack. Protecting against bad actors in a constantly evolving threat landscape […]

To CMMC & Beyond: What you can do today to prepare for CMMC tomorrow

The Cybersecurity Maturity Model Certification (CMMC) is coming – whether you’re ready or not. Today, it’s primarily meant for the Department of Defense (DoD) and its subcontractors, but this comprehensive framework could be coming to an enterprise like yours in the future. CMMC is a holistic look at cybersecurity. With cybercrime becoming ever more sophisticated, there’s a real need for a change in the way we assess our current state of cybersecurity […]

What You Need to Know about Telemedicine, HIPAA Compliance and the Pandemic

The COVID-19 pandemic has spawned many new business realities, including the mainstreaming of telemedicine and, with it, the state of HIPAA compliance. The American Medical Association estimates that $250 billion in healthcare could shift to telemedicine from outpatient, office and home health visits. And the CDC is throwing its support behind the effort to migrate […]

What Software Companies Looking to Develop for the Healthcare Industry Need to Know

The healthcare field presents several different opportunities for software companies, including data analytics, automated patient communications, telemedicine and transportation scheduling, to name a few. However, healthcare is also one of the most heavily regulated industries. In 2019 alone, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) investigated 29,853 […]

Make PCI Compliance Easier; Automate PCI DSS Requirement 11.2

One of the key tenets of a good cybersecurity program is using security in layers and including automated tools to assess defense status. Automated tools are the only way to deal with the huge variety of network infrastructure components involved in our modern information environments. For example, the Payment Card Industry Data Security Standard (PCI […]

Am I Ready for a PCI ROC?

We recently answered the question, “How do I know if I have to be PCI compliant?” That post is a good way for those new to the Payment Card Industry (PCI) world to learn some of the basics. Now, we answer the question, “Am I ready for a PCI ROC?” by going more in depth […]

First HIPAA Risk Assessment? Here’s How to Be Prepared

The Health Insurance Portability and Accountability Act (HIPAA) mandates industry-wide standards for the protection and confidential handling of protected health information (PHI). This legislation outlines how companies store, manage, retain, and/or transmit this data. One important exercise organizations subject to HIPAA are expected to complete is a risk analysis. It can be a challenging effort […]

Do I Have to Be PCI Compliant?

The Payment Card Industry Data Security Standard (PCI DSS) is designed to help organizations protect their customers’ credit and debit card data. Businesses are held accountable for PCI compliance and must pay heavy fines if they don’t meet the standards. This article offers basic PCI DSS information to help you answer the question, “Do I […]

Does HIPAA Apply to Me?

A common question we hear when we mention Avertium’s compliance expertise is, “Does HIPAA Apply to Me?” Due to nuances in the requirements, it’s a fair question. In this post, we describe how your organization can determine whether or not you are required to adhere to the HIPAA regulations for privacy and security of protected […]

PCI DSS Business as Usual: The Pandemic Proved Why Businesses Should Adhere

The PCI DSS standards are designed to ensure that companies processing, transmitting or storing customer credit card information or companies that can affect the security of that information are protecting this data appropriately. The process for becoming PCI certified includes passing a yearly audit during which security controls are evaluated. For many years that meant […]