Strategic insights on healthcare IT, cybersecurity, HIPAA compliance, and resilient operations from the Byzantine Technologies team.https://www.byztech.com/en-us© 2026 Byzantine Technologies LLChttps://www.byztech.com/blog/device-code-phishing-mfa-bypass-healthcare/https://www.byztech.com/blog/device-code-phishing-mfa-bypass-healthcare/Device code phishing hijacks Microsoft 365 mailboxes without stealing a password — and standard MFA doesn't stop it. What it means for healthcare practices.Mon, 01 Jun 2026 00:00:00 GMTHIPAAMFAPhishingMicrosoft 365HealthcareByzantine Technologieshttps://www.byztech.com/blog/vendor-risk-management-small-healthcare-practices/https://www.byztech.com/blog/vendor-risk-management-small-healthcare-practices/Your patient data flows through dozens of outside companies. A practical way for a small practice to manage third-party and vendor risk on a real budget.Mon, 01 Jun 2026 00:00:00 GMTHIPAAVendor RiskBAAThird-Party RiskHealthcareByzantine Technologieshttps://www.byztech.com/blog/backup-strategy-3-2-1-1-0/https://www.byztech.com/blog/backup-strategy-3-2-1-1-0/The 3-2-1 rule was the gold standard for decades. Modern ransomware exposed its weakness. Here is why healthcare practices need to move to 3-2-1-1-0 — and how to know your backups will actually work when everything goes wrong.Sun, 31 May 2026 00:00:00 GMTBackupData ProtectionRansomwareDisaster RecoveryHIPAAByzantine Technologieshttps://www.byztech.com/blog/mfa-for-healthcare-where-it-matters/https://www.byztech.com/blog/mfa-for-healthcare-where-it-matters/Multi-factor authentication is the single highest-leverage security control a medical or dental practice can deploy. Here is where it matters most — and the gaps that quietly leave clinics exposed.Sun, 31 May 2026 00:00:00 GMTHIPAAMFAPasswordlessHealthcareSecurityByzantine Technologieshttps://www.byztech.com/blog/guest-wifi-should-never-touch-clinical-network/https://www.byztech.com/blog/guest-wifi-should-never-touch-clinical-network/A flat network is a quiet liability. Here is why network segmentation — keeping guest Wi-Fi, patient devices, IoT, and medical equipment away from clinical systems — is one of the most important architecture decisions a practice makes.Fri, 29 May 2026 00:00:00 GMTNetwork SecuritySegmentationHealthcareHIPAAByzantine Technologieshttps://www.byztech.com/blog/cyber-insurance-hipaa-new-baseline/https://www.byztech.com/blog/cyber-insurance-hipaa-new-baseline/Cyber insurers now expect MFA, EDR, tested backups, patching, incident response, and vendor oversight before they'll write a policy. The good news: those same controls map directly to HIPAA expectations.Tue, 26 May 2026 00:00:00 GMTCyber InsuranceHIPAAHealthcareRisk ManagementByzantine Technologieshttps://www.byztech.com/blog/hipaa-security-rule-2026-what-practices-need-to-know/https://www.byztech.com/blog/hipaa-security-rule-2026-what-practices-need-to-know/There are two layers to the HIPAA Security Rule landscape in 2026: the current enforceable rule and a proposed update from HHS. Here is a calm, practical breakdown of what's required today and what's coming.Thu, 21 May 2026 00:00:00 GMTHIPAAComplianceSecurity RuleHealthcareByzantine Technologieshttps://www.byztech.com/blog/risk-analysis-cannot-be-a-checkbox/https://www.byztech.com/blog/risk-analysis-cannot-be-a-checkbox/A HIPAA risk analysis is not a form to fill out once a year. It's a structured process of technical discovery, ePHI mapping, vulnerability assessment, and remediation tracking — and the difference matters when OCR comes asking.Sat, 16 May 2026 00:00:00 GMTHIPAARisk AnalysisComplianceHealthcareByzantine Technologieshttps://www.byztech.com/blog/where-is-your-ephi-asset-inventories-network-maps/https://www.byztech.com/blog/where-is-your-ephi-asset-inventories-network-maps/Most clinics dramatically underestimate how many systems touch protected health information. A current asset inventory and network map are the foundation of security — and an expected control under the proposed HIPAA rule.Tue, 12 May 2026 00:00:00 GMTHIPAAAsset InventoryNetwork MapHealthcareByzantine Technologieshttps://www.byztech.com/blog/72-hour-recovery-conversation-healthcare/https://www.byztech.com/blog/72-hour-recovery-conversation-healthcare/If your systems went down right now, how would you still see patients? A practical look at downtime, backups, EHR access, phones, imaging, claims, prescriptions, and emergency-mode operations.Thu, 07 May 2026 00:00:00 GMTBusiness ContinuityDisaster RecoveryHealthcareHIPAAByzantine Technologieshttps://www.byztech.com/blog/encryption-at-rest-and-in-transit-doctors-office/https://www.byztech.com/blog/encryption-at-rest-and-in-transit-doctors-office/Encryption sounds technical, but for a practice it comes down to concrete questions about laptops, servers, email, backups, cloud storage, VPNs, and messaging. Here's what the terms actually mean for you.Sat, 02 May 2026 00:00:00 GMTEncryptionHIPAAHealthcareSecurityByzantine Technologieshttps://www.byztech.com/blog/hipaa-incident-response-first-24-hours/https://www.byztech.com/blog/hipaa-incident-response-first-24-hours/When a security incident hits a practice, the first 24 hours shape everything that follows. A practical guide to reporting paths, containment, escalation, insurer notice, evidence handling, and keeping patient care going.Mon, 27 Apr 2026 00:00:00 GMTIncident ResponseHIPAAHealthcareSecurityByzantine Technologieshttps://www.byztech.com/blog/business-associates-baas-msps-who-is-responsible/https://www.byztech.com/blog/business-associates-baas-msps-who-is-responsible/A signed Business Associate Agreement does not magically make a vendor secure. Here's what a BAA actually does, what it doesn't, and why your practice still needs real oversight and documentation.Wed, 22 Apr 2026 00:00:00 GMTHIPAABusiness AssociatesVendor ManagementComplianceByzantine Technologieshttps://www.byztech.com/blog/digital-strategikon-origins/https://www.byztech.com/blog/digital-strategikon-origins/How a 6th-century Byzantine military manual on defense-in-depth and layered fortification maps perfectly onto modern cybersecurity doctrine.Tue, 12 Aug 2025 00:00:00 GMTHistoryStrategyByzantineByzantine Technologieshttps://www.byztech.com/blog/modern-it-operations-best-practices/https://www.byztech.com/blog/modern-it-operations-best-practices/A practical framework for healthcare practices to manage IT operations in 2025 — monitoring, automation, patching, and building resilience without an enterprise budget.Mon, 30 Jun 2025 00:00:00 GMTIT OperationsMonitoringAutomationByzantine Technologieshttps://www.byztech.com/blog/hipaa-compliance-for-small-clinics/https://www.byztech.com/blog/hipaa-compliance-for-small-clinics/A plain-English breakdown of HIPAA's four rules, what they mean for small practices, and where to focus your compliance energy first.Sat, 14 Jun 2025 00:00:00 GMTHIPAAComplianceHealthcareByzantine Technologieshttps://www.byztech.com/blog/edr-vs-antivirus-what-to-choose/https://www.byztech.com/blog/edr-vs-antivirus-what-to-choose/Traditional antivirus catches known threats. EDR catches what antivirus misses. Here's what the difference means for a healthcare practice in 2025.Sat, 31 May 2025 00:00:00 GMTCybersecurityEDRAntivirusByzantine Technologieshttps://www.byztech.com/blog/cost-optimization-in-cloud-and-on-prem/https://www.byztech.com/blog/cost-optimization-in-cloud-and-on-prem/Healthcare practices often overpay for IT infrastructure or underpay in ways that create risk. Here's how to find and close those gaps strategically.Wed, 14 May 2025 00:00:00 GMTCost OptimizationCloudInfrastructureByzantine Technologieshttps://www.byztech.com/blog/voip-reliability-and-call-quality/https://www.byztech.com/blog/voip-reliability-and-call-quality/Poor call quality in a healthcare practice isn't just an annoyance — it disrupts patient communication and erodes trust. Here's how to engineer VoIP that actually works.Wed, 30 Apr 2025 00:00:00 GMTVoIPHealthcareCommunicationsByzantine Technologieshttps://www.byztech.com/blog/security-awareness-that-actually-works/https://www.byztech.com/blog/security-awareness-that-actually-works/Annual click-through training satisfies an auditor but doesn't change behavior. Here's what security awareness that actually reduces risk looks like in a healthcare practice.Mon, 14 Apr 2025 00:00:00 GMTSecurity TrainingCybersecurityHuman FactorsByzantine Technologieshttps://www.byztech.com/blog/building-a-secure-remote-work-stack/https://www.byztech.com/blog/building-a-secure-remote-work-stack/A VPN alone doesn't make remote work secure. Here's how healthcare practices can build a remote access architecture that protects ePHI without destroying the user experience.Fri, 14 Mar 2025 00:00:00 GMTRemote WorkSecurityVPNByzantine Technologies