Press

Qualified Security Assessor (QSA) companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS. Websolv Computing, dba ecfirst, has successfully completed the requirements and is qualified as a PCI QSA.

Discuss your PCI DSS requirements, including risk and vulnerability assessment, penetration testing, policy development, and training with ecfirst.

Date: Aug 4, 2016

Pabrai Confirmed at WEDI Con on Ransomware: Prepared? Examine 8 Key Actions, Nov 7, Washington DC

Date: Aug 1, 2016

Is HIPAA in Your Enterprise DNA? Ali Pabrai Blog with Konica Minolta

Date: July 28, 2016

Pabrai Confirmed to Open HCCA Clinical Conference with The Art of Performing Risk Assessments

Date: July 18, 2016

CHP+CSCS™ Program Confirmed for Las Vegas, NV on Nov 28-Dec 1, 2017

Date: July 18, 2016

CHP+CSCS™ Program Confirmed for Philadelphia, PA on Sept 19-22, 2017

Date: July 18, 2016

CHP+CSCS™ Program Confirmed for Chicago, IL on July 18-21, 2017

Date: July 18, 2016

CHP+CSCS™ Program Confirmed for Orlando, FL on May 23-26, 2017

Date: July 18, 2016

CHP+CSCS™ Program Confirmed for San Jose, CA on March 20-24, 2017

Date: July 18, 2016

CHP+CSCS™ Program Confirmed for Columbus, OH on Jan 24-27, 2017

Date: November 26, 2015

HIPAA Settlement Reinforces Lessons for Users of Medical Devices

Lahey Hospital and Medical Center (Lahey) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules with the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR). Lahey will pay $850,000 and will adopt a robust corrective action plan to correct deficiencies in its HIPAA compliance program. Lahey is a nonprofit teaching hospital affiliated with Tufts Medical School, providing primary and specialty care in Burlington, Massachusetts.

Lahey notified OCR that a laptop was stolen from an unlocked treatment room during the overnight hours on August 11, 2011. The laptop was on a stand that accompanied a portable CT scanner; the laptop operated the scanner and produced images for viewing through Lahey’s Radiology Information System and Picture Archiving and Communication System. The laptop hard drive contained the protected health information (PHI) of 599 individuals. Evidence obtained through OCR’s subsequent investigation indicated widespread non-compliance with the HIPAA rules, including:

Failure to conduct a thorough risk analysis of all of its EPHI.
Failure to physically safeguard a workstation that accessed EPHI.
Failure to implement and maintain policies and procedures regarding the safeguarding of EPHI maintained on workstations utilized in connection with diagnostic/laboratory equipment.
Lack of a unique user name for identifying and tracking user identity with respect to the workstation at issue in this incident.
Failure to implement procedures that recorded and examined activity in the workstation at issue in this incident.
Impermissible disclosure of 599 individual’s PHI.

In addition to the $850,000 settlement, Lahey must address its history of noncompliance with the HIPAA Rules by providing OCR with a comprehensive, enterprise-wide risk analysis and corresponding risk management plan, as well as reporting certain events and providing evidence of compliance.

Contact ecfirst to learn more about how to conduct a comprehensive and thorough risk analysis exercise with a credible risk management program.

Date: November 11, 2015

ecfirst & (ISC)²® Offer HIPAA & Cyber Security Programs for CPE Credits

Date: November 3, 2015

CHP Certification Program Confirmed for Chennai on Feb 17-18, 2016

Date: October 27, 2015

Pabrai Brief on Healthcare Cyber Security in Seattle on Nov 3, 2015

Date: October 05, 2015

Take the Cyber Security Readiness Quiz. Complimentary.

Date: September 24, 2015

Assess the State of Your Organization’s Compliance with HIPAA, A Quick Self-Assessment

Date: September 16, 2015

ecfirst Delivers Penetration Testing Services for Networks and Web Applications.

Request a Pen Test Proposal.

Date: September 5, 2015

Cyber Threats Result in Business Risk

Date: September 5, 2015

HIPAA Fines and OCR Identified Key Deficiencies

Date: September 5, 2015

HIPAA Compliance: A Quick Self Assessment

Date: August 24, 2015

CSCS™ Certification Program Confirmed for Dubai on Oct 4-5, 2015

HIPAA & Cyber Security Certification & Training Examine ISO 27000, PCI DSS, HIPAA, HITECH & More

Date: August 21, 2015

CSCS™ Certification Program Confirmed for Chennai on Oct 8-9, 2015

HIPAA & Cyber Security Certification & Training Examine ISO 27000, PCI DSS, HIPAA, HITECH & More

Date: September 10, 2015

Cyber Risk = Business Risk, Brief by Cyber Security Expert Pabrai in 4th Annual Phoenix Security & Audit Conference, Arizona

Just as the banks of a river, compliance safeguards and cyber security controls are vital to mitigating the risk to business. Like water in a river, sensitive, confidential information flows through all areas of the business. How prepared is the business from cyber attacks to compromise Personally Identifiable Information (PII) or confidential data such as Electronic Protected Health Information (EPHI)?

Date: August 19, 2015

Are Your Applications HIPAA Compliant? Complimentary! Checklist for HIPAA Application Security

Over the past year, the cost of data breaches due to malicious or criminal attacks has increased from an average of $159 to $174 per record. Cyber attacks on healthcare organizations as well as business associates are on the rise. HIPAA mandates require that the EPHI processing applications meet defined requirements. Healthcare applications must be formally assessed to ensure HIPAA mandates are met. A cyber attack on an enterprise application may lead to a breach with EPHI accessed by unauthorized individuals.

Date: May 26, 2015

Cyber Risk = Disruptive Business Risk, Brief by Cyber Security Expert Pabrai in Des Moines, Iowa

Date: May 19, 2015

HIPAA Certification Online, Special Promotion for a Limited Time

Date: May 02, 2015

Cyber Risk = Business Risk, An Exec Brief from ecfirst

Date: April 16, 2015

ecfirst Introduces Information Security Assessment for Small to Medium Businessest

Businesses must conduct a comprehensive and thorough assessment of the potential vulnerabilities to the confidentiality, integrity and availability of all confidential information, such as Personally Identifiable Information (PII).

Date: April 15, 2015

ecfirst Video: Compliance & InfoSec Solutions

Date: March 17, 2015

Pabrai Delivers Featured Brief on Compliance & Cyber Security: Enabling a Credible Program, 23 National HIPAA Summit, Washington, DC, March 17, 2015

Date: February 27,2015

Vulnerability Assessments: Critical For HIPAA Compliance, Webinar 11am Central. 9 am Pacific, Feb 27, 2015

Date: 12/09/2014

HIPAA settlement underscores the vulnerability of unpatched and unsupported software

Date: 09/22/2014

Exclusive! Checklist for Compliance & Information Security

Date: 08/12/2014

Pabrai Confirmed Speaker at ASIS Asia Pac Security Conference in Singapore, Dec 8, 2014

Date: 08/18/2014

Chinese Hackers Suspected in Healthcare Breach Impacting 4.5 Million

Date: 08/09/2014

Pabrai Confirmed to Deliver Featured Brief on Cyber Security & HIPAA Compliance, HIMSS Iowa, Sept 8, 2014

Date: 7/19/2014

Pabrai Delivers Opening Featured Brief on Art of Performing Security Assessments

Date: 7/17/2014

Pabrai Delivers Keynote Address in New York Conference

Date: 7/11/2014

Prepared for HIPAA Audits in 2014?

Over $25 M in HIPAA Fines & 31 M Records Compromised! Medical records left unattended & accessible to unauthorized individuals

Date: 5/27/2014

Technical Vulnerability Assessment is a HIPAA Compliance Mandate

Technical Vulnerability Assessment is a HIPAA Compliance Mandate
IRVINE, CALIFORNIA, USA â€“ May 25, 2014: A key requirement of the HIPAA Security Rule compliance mandate is that organizationsâ€™ must conduct a comprehensive and thorough assessment of the potentials risks and vulnerabilities to the confidentiality, integrity, and availability (CIA) of all sensitive information such as Personally Identifiable Information (PII) or Protected Health Information (PHI).

Date: 05/09/2014

Data breach results in $4.8 million HIPAA settlements

Date: 05/02/2014

Pabrai Presents Art of Performing Security Assessments at HCCA Conference, Oct 12-14, 2014

Date: 4/2/2014

Information Security Staffing Program (ISSP) from ecfirst

ecfirst, an organization rich in hands-on experience delivering information security services across all States in the USA, provides the industry’s most flexible program for security staffing.

Date: 3/25/2014

Toolkits for HIPAA, ISO & PCI DSS Released

IRVINE, CA USA — HIT/HIPAA UPDATE NEWS SERVICE — MARCH 20, 2014: Compliance mandates, such as HIPAA and HITECH, as well as international security standards such as ISO 27000 and PCI DSS, require organizations to develop a comprehensive and actionable set of policies and supporting capabilities.

Date: 3/21/2014

ISSA Phoenix Features Pabrai Brief on BYOD & Compliance Mandates: Audit Ready? April 8, 2014

Compliance Mandates & BYOD: Audit Ready?

Compliance regulations, such as HIPAA and HITECH, as well as information security standards, such as PCI DSS, ISO 27000 and NIST, establish requirements for mobile device security

Date: 3/11/2014

iPCR Product from Forte, Validated as HIPAA Compliant by ecfirst

NEWPORT BEACH, CALIFORNIA USA â€“ March 4, 2014

Forte Holdings has combined technological expertise with input from medical workers to develop software that supports and improves patient care and administrative processes within the healthcare industry.

Date: 3/10/2014

Skagit County, Washington Breach Report Leads to OCR Investigation & HIPAA Fine

Skagit County, Washington, has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules. Skagit County agreed to a $215,000 monetary settlement and to work closely with the Department of Health and Human Services (HHS) to correct deficiencies in its HIPAA compliance program.

Date: 3/1/2014

Pabrai Compiles HIPAA Security Rule: Reference Guide, A Must Have Colorful Guide to HIPAA Compliance

IRVINE, CALIFORNIA, USA â€“ March 2, 2014: The HIPAA regulations require covered entities and business associates to comply with the HIPAA Security Rule. The HIPAA Security Rule: Reference Guide is a must have document that captures three core areas of information for each Standard defined in the mandate: Definition, Guidance Questions and Audit Readiness.

Date: 2/13/2014

Cyber Security & Compliance Expert Pabrai Discuss HIPAA Self Attestation Checklist @ HIMSS, Orlando, Feb 24-25

HIPAA (ecfirst) – The Final Privacy and Security Rules of HIPAA have escalated the compliancy efforts of every healthcare organization. ecfirst will present key components of the new regulations, outline penalties for non-compliance, and provide recommendations for planning, preparing and executing sound HIPAA compliance policies and procedures.

Date: 2/6/2014

Cyber Security Expert, Pabrai, Releases Self-Attestation Checklist for HIPAA Compliance

IRVINE, CALIFORNIA, USA â€“ Feb 6: We are surrounded by headlines every day about businesses and organizations compromised by cyber attacks. Security is only as strong as the weakest link and the hackers are having a field day with mining weak links in enterprise security.

Date: 2/6/2014

MARS-E, Exchange Security

DES MOINES, IOWA, USA â€“ February 6, 2014: There is no integrated, comprehensive approach to security and privacy that respects applicable federal requirements under FISMA, HIPAA, HITECH, ACA, the Privacy Act, Tax Information Safeguarding Requirements, and state and other federal regulations.

Date: 1/24/2014

Middle East Security Conference Features U.S. Cyber Security Expert Pabrai

IRVINE, CALIFORNIA, USA â€“ Jan 24, 2014: The recent massive data breach at U.S. retail giant Target is becoming a nightmare. Over 110 million impacted and details continue to emerge about Personally Identified Information (PII) compromised from credit card swipe machines and other systems.

Date: 1/16/2014

Pabrai Speaks on Cyber Security Threats in 2014 @ ASIS Middle East Security Conference in Dubai, UAE on February 17

Date: 12/30/2013

Unencrypted Thumb Drive Loss Leads to HIPAA Breach & Fine!

Date: 10/31/2013

QE India and ecfirst Partner to Deliver Information Security Services.

Date: 10/16/2013

OCR posts guide for disclosing PHI to law enforcement.

Date: 09/26/2013

HIPAA Final Rule Deadline has Passed. Prepared? Get Certified.

Date: 09/10/2013

Episource India Validated as HIPAA Compliant by ecfirst

Date: 09/04/2013

CHA™ & CSCS™ Program Confirmed for Bengaluru & Chennai, India in October 2013

Date: 09/02/2013

Pabrai to Deliver on Cyber Security @ The ASIS Middle-East Security Conference, Dubai, February 2014

Date: 08/16/2013

HIPAA/HITECH Fine of $1,215,780 for Copier Breach of PHI

Date: 08/09/2013

HIPAA PHI Breach by India Contractor

Date: 07/08/2013

Pabrai to Deliver Featured Address at The Hackers Conference, Delhi

Date: 07/08/2013

CIO’s Guide to Secure Texting in Healthcare, Complimentary Webinar by Imprivata & ecfirst’s Pabrai

Date: 07/03/2013

Compliance & Cyber Security Expert, Pabrai, Delivers HIPAA Compliance Workshop, in Chennai, India on July 11, 2013

Date: 06/06/2013

Conducting Vulnerability Assessments for HIPAA Compliance

Date: 05/25/2013

Pabrai Delivers Cyber Security Featured Brief at ICACCI Conference, August, 2013 in Mysore, India

Date: 05/23/2013

Webcast: Cyber Attacks from Shanghai. Prepared? Delivered by Expert Pabrai, May 24

Date: 05/09/2013

HIPAA Academy Certififcation Programs Updated for HIPAA Final Rule (Omnibus Rule)

Date: 02/27/2013

Webcast: HHS HIPAA Compliance & Cyber Security

Date: 02/11/2013

Webcast: Exec Brief on the HIPAA Final Rule

Date: 02/04/2013

HIPAA Final Rule Updates, Exec Brief PDF Now Available

Date: 1/14/2013

CSCS™ Program in India, April 17-18, 2013

Date: 01/14/2013

Massachusetts AG Fines Billing & Pathology Firms $140,000 for HIPAA Breach

BOSTON â€“ Former owners of a Marblehead-based medical billing practice and four pathology groups have agreed to collectively pay $140,000, settling allegations that sensitive medical records and confidential billing information for tens of thousands of Massachusetts patients were improperly disposed of at a public dump, Attorney General Martha Coakley announced today …

Date: 12/11/2012

Risk Analysis: Are You Compliant with HIPAA & HITECH Mandates? Risk Analysis: Are You Compliant with HIPAA & HITECH Mandates?

Date: 9/19/2011

Pabrai Delivers Applying ISO 27000 and NIST to Address Compliance Mandates: Step Through a Checklist at World Research Group Healthcare Innovation Conference in Chicago on September 29, 2010

Date: 8/17/2010

Opportunities for AI Risk Management Assessment and Certification with HITRUST, Pabrai Interview

CMMC Assessment Readiness Secrets, December 12, 2024

NY's Hospital Cyber Mandate: Beyond HIPAA December 5, 2024

AI Risk Management Program Launched by ecfirst, November 5, 2024

CMMC 101, Final Rule: A Brief

ecfirst Presents AI Cyber Risk, Opportunities for Credible Defense, Bahrain, October 20, 2024

OCR Settles Fourth Ransomware Cyber Investigation. Prepared? September 27, 2024

Keynote Speaker Pabrai on AI and Cyber Risk at HIMSS Iowa, November 13, 2024

ecfirst and DataSure24 present a CMMC Assessment and Certification webinar on October 16, 2024

ecfirst+ Packages for Policy, Certification Training, and Consulting

CMMC Secrets for the DIB: Examine Latest Updates for the CMMC Final Rule, Webinar, July 10, 2024

Certified CMMC Professional (CCP) Training at CEIC East

CMMC Secrets, Fast Track Readiness for Assessment

CMMC Secrets, Complimentary Webinar, Presented by CMMC Expert Ali Pabrai, May 30, 2024

ecfirst and GovBrief Collaborate on Decoding CMMC Webinars

ecfirst, A HITRUST Authorized External Assessor, Achieves r2 Certification

ecfirst Successfully Achieves Authorized CMMC C3PAO Designation

Performed an Online Tracking Assessment? OCR Mandate for HIPAA Compliance, Webinar, April 24, 2024

AI Risk Management with HITRUST Certification, Complimentary Webinar, April 4, 2024

CMMC, Post Comment, An ecfirst Insight

OCR Guidance for Change Healthcare Cyber-attack, March 13, 2024

Pabrai Presents AI Defense, Beyond Cyber, ISACA Phoenix, Tempe, AZ, April 11, 2024

ecfirst’s Ali Pabrai Selected by HITRUST to Serve on the HITRUST Authorized External Assessor Council, February 2024

AI Cyber Risk Brief by Pabrai, March 21, 2024

Pabrai Presents CMMC Brief at ISACA North America, Phoenix, Arizona

DoD Posts CMMC Video

AI Cyber Defense Academy Launched by ecfirst with Focus on Risk Management

Kno2 Achieves HITRUST r2 Certification

HIPAA OCR $4.75 Million Settlement for Compliance Violations

Pabrai Presents Beyond NIST, CMMC Certification, at CMMC Day, College Park, Maryland, May 6, 2024

CMMC Readiness, The First Step, An Interview with Ali Pabrai

CMMC Proposed Rule: Getting Prepared, An Interview with Ali Pabrai

Examine the Pentagon’s New CMMC Proposed Rule,Complimentary Webinar, February 2, 2024

Pabrai Delivers CCSA Program at the HIPAA Summit Preconference, January 31, 2024

AI Cyber Defense Webinar, Ali Pabrai, January 24, 2024

Examine the Pentagon’s New CMMC Proposed Rule, Webinar, January 5, 2024

MX2 Successfully Achieves HITRUST Certification with ecfirst as External Assessor

First OCR HIPAA Ransomware Settlement, October 31, 2023

Webinar—Beyond NIST, CMMC Certification: Fusion and Future, October 30, 2023

Connect with ecfirst at the Defense TechConnect Innovation Summit, Washington, DC, November 28, 2023

Pabrai Presents, Beyond NIST, CMMC Certification: Fusion and Future, November 9, 2023

Pabrai Presents, ecfirst Participates in the CMMC Summit, McLean, Virginia, November 8, 2023

Enabling a Robust Security Posture Through HITRUST Certification, HITRUST Alliance and Ali Pabrai

Pabrai Interview Describing CMMC Readiness Portal and OSC and DIB Preparedness for Assessment

Pabrai Delivers Brief on Zero Trust at HITRUST Collaborate 2023, Dallas, Texas

Pabrai Presents, Beyond NIST, CMMC Certification: Fusion + Future, Phoenix, Arizona, Oct. 12, 2023

Meet ecfirst at the CMMC Ecosystem Summit, McLean, VA, Nov 8, 2023

Cyber Risk Quantification, Beyond Risk Assessments, A HIMSS Iowa Event, June 30, 2023

HITRUST Certification: Options and Opportunities, May 2023

CMMC Panel Insight (Video), TechNet Conference, May 2023

CMMC Thought Leadership for Execs and Organizations Seeking Certification, Ali Pabrai Provides CMMC Insight

First Authorized Certified CMMC Assessor (CCA) Training Class Delivered

Alaska HCCA Conference Features Pabrai Brief on HITRUST: A Global Certification Standard

Virtual 40th National HIPAA Summit Agenda, March 2023

Roadmap for CMMC’s CCP and CCA Credential

ISACA Industry Spotlight | Ali Pabrai

SmartStory Successfully Achieves HITRUST Certification

The Cyber AB Approves ecfirst’s CMMC 2.0 CCA Certification Training Material

ecfirst Achieves HITRUST® i1 Certification for TRACERSM Asset Risk Management Platform

ecfirst Achieves HITRUST® Certification

Trionfo Solutions Achieves HITRUST® Certification

The Cyber AB Approves ecfirst’s CMMC CCP 2.0 Training Material

NIST Releases Updated Guidance for HIPAA, July 2022

Certified Cyber Security Architect℠ (CCSA℠) Confirmed with InfraGard (FBI), September 21 - 22, 2022

Decoding CUI: A Highly Valued Data Type and CMMC, ISACA, Ali Pabrai, April 2022

CMMC and CUI: Rocket Fuel, Pabrai Podcast

MX2 Technology, an ecfirst Client, Achieves HITRUST Certification

NorthCoast, an ecfirst Client, Achieves HITRUST Certification

About ecfirst – Unconditional Commitment to Our Clients, February 2022

CMMC 2.0 Cyber Framework Launched by US DoD, ISACA Industry News, Ali Pabrai

New! Achieve HITRUST i1 Certification in 2022, February 2, 2022

Certified HIPAA Professional (CHP) Virtual Training Program Confirmed, January 10, 12, & 14, 2022

Certified CMMC Professional (CCP) Virtual Training Program Confirmed, January 24 - 28, 2022

Certified Cyber Security Architect℠ (CCSA℠) Confirmed with InfraGard (FBI), January 26 - 27, 2022

Pabrai at ecfirst Achieves CMMC-AB Provisional Assessor (PA) and Provisional Instructor (PI) Designations

Certified Cyber Security Architect (CCSA) with FBI InfraGard and Delivered by Ali Pabrai, Jan 26 - 27, 2022

CMMC 2.0 | NIST Alignment & Certification Readiness, FBI InfraGard Workshop with Ali Pabrai, Dec 1, 2021

The Art of Preparing for CMMC Readiness: A U.S. DoD Cyber Mandates, Ali Pabrai Presents at ISACA Chicago, November 1, 2021

ecfirst Successfully Achieves CMMC C3PAO Candidate Status, October 28, 2021

ecfirst Achieves HITRUST^® i1 Certification for TRACER^SM Asset Risk Management Platform

ecfirst Achieves HITRUST^® Certification

Trionfo Solutions Achieves HITRUST^® Certification