KnowBe4 Simplifies Compliance Requirements for Healthcare Privacy

KnowBe4's Compliance Audit Readiness Assessment (CARA) now addresses select requirements from the HIPAA Security Rule.

September 29, 2022



TAMPA BAY, Fla., Sept. 27, 2022 /PRNewswire/ -- KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today launched a new version of its Compliance Audit Readiness Assessment (CARA) that now covers select requirements for the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to address healthcare privacy requirements.

Healthcare organizations around the world continue to inadequately protect sensitive protected health information (PHI). Between 2009 and 2021, 4,419 healthcare data breaches of 500 or more records were reported to the U.S. Health and Human Services' (HHS) Office for Civil Rights. Those breaches resulted in the loss, theft, exposure or impermissible disclosure of 314,063,186 healthcare records.

CARA is a complimentary, web-based tool that helps organizations assess their readiness for meeting compliance requirements. With this new version, IT and security professionals are guided through select requirements from the Health Insurance Portability and Accountability Act (HIPAA) Security Rule outlined by HHS. CARA asks security professionals to rate their readiness for each requirement and then provides an analysis of the results to help them define the controls they need in place before a compliance audit.

"Accessing confidential patient data is the cybercriminal's equivalent to discovering buried treasure, but it happens far more often than imaginable due to antiquated healthcare systems and security practices," said Stu Sjouwerman, CEO, KnowBe4. "Security professionals are overwhelmed with trying to comply with all of the healthcare security requirements through HIPAA. Our CARA tool now has the capability to help healthcare organizations become better prepared for compliance requirements related to the HIPAA Security Rule. This refreshed tool goes a long way towards simplifying the process of getting healthcare organizations adequately equipped for compliance audits."

The HIPAA Security Rule contains the standards to safeguard and protect electronically created, accessed, processed or stored PHI. The rule applies to any organization or system that has access to confidential patient data.

For more information on CARA, visit

About KnowBe4
KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, is used by more than 52,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.
