Drew Tanous

Drew is a cyber assurance supervisor at HORNE Cyber where he specializes in cyber risk related assurance services.

Recent Posts

Mar 28, 2019 9:30:00 AM

How HIPAA Compliance Efforts May Impact Your Overall Security Posture

HIPAA security and privacy rule requires many resources for an organization to be compliant. Resources can be time consuming and often create operational issues and financial burden for covered entities. Organizations often believe that there is one solution out there that will make achieve compliance or, more importantly, secure the organization. This leads organizations to consider two big questions: Where do I focus my resources to meet the HIPAA security and privacy rule? -and- Is being HIPAA security and privacy rule compliant good enough to lower the risk of a breach?

Topics: HIPAA

Jan 17, 2019 9:30:00 AM

2018 in Review: HIPAA Violations

In 2018 there were various fines paid by healthcare organizations for failure to comply with the HIPAA security and privacy standards. Reviewing the trends of fines in 2018 can be beneficial to healthcare organizations, providing an opportunity to learn and proactively correct outstanding violations within your organization. The various trends of fines included lack of compliance in the following areas:

Topics: HIPAA

Jul 5, 2018 10:30:00 AM

Topics: Cyber Assurance Insights

Jun 29, 2017 10:01:00 AM

Will the FDA Strengthen Cybersecurity Requirements for Medical Devices?

Earlier this year, the FDA released guidance for Postmarket Management of Cybersecurity in Medical Devices. While many agree that the recommendations will help guide developers and manufacturers, these are still "non-binding" and are simply recommendations, not requirements. With the stakes being so high and the continued growth of cyber threats, if and when will the FDA begin mandating these recommendations?

Topics: Cyber Assurance Insights

Nov 22, 2016 10:00:00 AM

FFIEC Cybersecurity Assessment Tool Frequently Asked Questions

This past month the FFIEC issued a statement to provide clarification on several questions the FFIEC recieved for the Cybersecurity Assessment Tool (CAT). Since the release of the CAT and with the statement issued last month, I have recieved numerous questions from clients that I wanted to share with you to provide you insight on its value and use to your management team. So, here are our FAQs:

Topics: cybersecurity, cybersecurity assessment tool