Healthcare Archives

Insider Risk Costs: Uncovering the $19.5M Threat Inside

by Patrick Spencer March 12, 2026March 12, 2026 | Cybersecurity Risk Management

Cybersecurity conversations tend to drift toward the dramatic: nation-state actors, zero-day exploits, supply chain infiltration. These threats are real and they deserve attention. But there is a more mundane and...

The Breach: What Happened at Cal AI

by Patrick Spencer March 11, 2026March 11, 2026 | Cybersecurity Risk Management

On March 9, 2026, a threat actor posted a data dump on BreachForums claiming to have compromised Cal AI — the AI-powered calorie-tracking app that recently made headlines for acquiring...

There’s No “–dangerously-skip-permissions” for Your Data

by Tim Freestone March 4, 2026March 4, 2026 | Cybersecurity Risk Management

Buried in the documentation for Claude Code — Anthropic’s agentic coding assistant — is a flag that stops most security-minded readers cold: --dangerously-skip-permissions The name deserves credit for its honesty....

Healthcare Data Sovereignty: Requirements for Transferring Patient Data Across Borders

by Marc ten Eikelder March 4, 2026March 4, 2026 | HIPAA Compliance

Patient data has always been among the most sensitive information any organization handles. What’s changed is where it goes. Clinical trials span multiple continents. Telemedicine platforms serve patients across national...

Your Hospital’s Patient Data Is Under AI-Powered Siege. Most Defenses Were Built for a Different Era.

by Patrick Spencer February 26, 2026February 26, 2026 | Cybersecurity Risk Management

The breach didn’t start with a sophisticated zero-day exploit. It started with access to an electronic health records system that an unauthorized party maintained for nine months before anyone noticed....

Healthcare Has AI Governance Committees Everywhere. Almost Nobody Knows What AI Is Actually Running.

by Patrick Spencer February 26, 2026February 26, 2026 | Cybersecurity Risk Management

Healthcare loves a committee. Stand up a governance body, draft a charter, assign cross-functional representatives, schedule quarterly meetings. Check the box. The problem is that committees don’t govern anything if...

Another Healthcare Vendor Breach Exposes Why the Handoffs Are the Real Weak Spot

by Patrick Spencer February 26, 2026February 26, 2026 | HIPAA Compliance

Healthcare organizations don’t get breached because they forgot about compliance. They get breached because patient data must move — fast — across a sprawling ecosystem of EHRs, billing portals, eligibility...

Insomnia Data Theft Gang Signals a New Era of Healthcare Cyber Threats: Why Perimeter Security Is No Longer Enough

by Patrick Spencer February 25, 2026February 25, 2026 | Cybersecurity Risk Management

Your firewall is not protecting your patient data. Your endpoint detection is not catching the intruder. Your perimeter security strategy was built for a threat that no longer exists. That...

Your Vendors Are Getting Hacked Once a Month. Here’s What That Means for Your Business.

by Patrick Spencer February 24, 2026February 24, 2026 | Third Party Risk

Let’s start with a number that should make every executive pause: the average organization experienced 12 third-party breaches last year. That’s one breach per month, coming not from your own...

2026 Compliance Checklist for Secure File Sharing and Audit Readiness

by Uri Kedem February 24, 2026February 24, 2026 | Secure File Sharing

Modern compliance audits don’t just ask whether sensitive files are protected—they require proof. In 2026, secure file sharing systems support compliance and auditing by centralizing exchanges across channels, enforcing encryption...

Microsoft Copilot Read Your Confidential Emails for Weeks. Here’s What Broke and How to Fix It.

by Patrick Spencer February 23, 2026February 23, 2026 | Cybersecurity Risk Management

For weeks, Microsoft 365 Copilot was quietly reading, summarizing, and surfacing emails that organizations had explicitly marked as confidential. Legal memos. Business agreements. Government correspondence. Protected health information. All processed...

How Swiss Healthcare Organizations Can Protect Patient Data Under Swiss Federal Data Protection Act

by Danielle Barbour February 19, 2026February 19, 2026 | Regulatory Compliance

Swiss healthcare providers—hospitals, clinics, and medical practices—face Swiss Federal Data Protection Act requirements that impose heightened protection obligations for sensitive patient health information. FADP Article 8 requires special safeguards for...

Get started.