All Posts


What FemTech Apps Get Wrong About Security After Dobbs
Most FemTech apps are not covered by HIPAA. Since Dobbs, the FTC has fined Premom, GoodRx, Flo, and BetterHelp for unauthorized health data sharing. Here is what your platform actually needs to get right.

Sekurno
Apr 30 · 8 min read


Navigating 42 CFR Part 2: What Behavioral Health and Mental Health Apps Need Beyond HIPAA
42 CFR Part 2 enforcement began February 2026. If your behavioral health or mental health platform handles SUD records, HIPAA compliance is not enough. Here is what your architecture actually needs to pass a security review.
Demyd Maiornykov
Apr 28 · 7 min read


Vanta vs Drata vs OneTrust: Which Compliance Platform Do You Need (and What None of Them Cover)
Compliance automation platforms make SOC 2 certification faster and more operationally manageable. But a certification doesn't tell a hospital CISO whether your controls hold up under real conditions. Here's how the three leading platforms compare — and what none of them cover.

Kristina Romanenko
Apr 28 · 8 min read


SOC 2 Readiness Before the Contract: The Real Timeline from Zero to Type I
SOC 2 readiness is often misunderstood as a compliance exercise. In reality, it’s what determines whether you pass enterprise security reviews or stall deals. This guide breaks down the real timeline from zero to Type I, including where most teams get blocked.

Sekurno
Apr 15 · 5 min read


HIPAA Pentesting for AI Scribes: What Hospital Security Teams Actually Require
AI scribes are being adopted quickly across healthtech, and in most cases the product delivers. Very few deals fail at the product level. What stops them is the transition into IT and security review — where the conversation shifts from clinical value to data control, and where most vendors are underprepared.

Sekurno
Apr 14 · 5 min read


ChatGPT Health & Clinical AI: A Cybersecurity Perspective on Consumer Health AI
ChatGPT Health aggregates, interprets, and centralises sensitive health data behind a single consumer account boundary. The encryption is real. The governance isn't. Here's what that means for security teams and healthcare organisations.

Sekurno
Mar 30 · 6 min read


What 2025 Taught Us About Cybersecurity in High-Risk Industries
What 2025 revealed about cybersecurity in high-risk industries, from failing assumptions and credential exposure to cloud misconfigurations and GenAI risk.

Sekurno
Dec 26, 2025 · 4 min read


Using AI to Interpret Lab Results? Here’s When It Becomes a Regulated Medical Device
AI is transforming how biotech and longevity companies interpret biomarkers, blood panels, and genomics — but the moment your AI starts informing diagnosis or clinical decisions, it becomes a regulated medical device. This guide breaks down the regulatory line, FDA/MDR implications, PCCP, cybersecurity requirements, and how to build compliant AI systems without slowing innovation.

Kristina Romanenko
Dec 15, 2025 · 7 min read


Generative AI in Biotech: The New Frontier of Cyberbiosecurity
Generative AI is transforming biotechnology — from drug discovery to genomics — but it is also creating a new class of cyberbiosecurity risks. As biological data, AI models, and laboratory systems converge, the attack surface expands beyond databases to the algorithms designing the next generation of medicine.

Kristina Romanenko
Dec 12, 2025 · 7 min read


AI-Orchestrated Intrusions: Insights from the Anthropic Claude Report
Anthropic’s latest report reveals a state-sponsored intrusion in which an AI system executed nearly the entire attack lifecycle autonomously. Using Claude Code, the threat actor automated reconnaissance, exploitation, credential harvesting, lateral movement, and data extraction at machine speed. This incident signals a major shift in how organisations must think about intrusion risk, detection windows, identity security, and continuous defence.
Demyd Maiornykov
Dec 9, 2025 · 3 min read


Will AI Take Over Cybersecurity?
AI won’t replace cybersecurity professionals—but it will reshape how we defend. From automated alert triage to governance oversight, discover how human-AI collaboration will transform security operations, risk management, and compliance.

Sekurno
Nov 5, 2025 · 5 min read


The EU AI Act: Navigating Compliance for High-Risk Businesses
The EU AI Act, effective since August 2024, introduces the world’s first comprehensive legal framework for artificial intelligence. It defines strict obligations for high-risk AI systems, foundation models, and deployers across sectors like healthcare, finance, and legaltech. This guide breaks down what the Act requires, who it applies to, and how organizations can prepare for compliance — including cybersecurity, documentation, and conformity assessments.

Kristina Romanenko
Nov 3, 2025 · 17 min read


UnitedHealth Data Breach & Cybersecurity Lessons for Healthcare
In 2024, UnitedHealth’s Change Healthcare hack and 23andMe’s data breach exposed a shared weakness: broken authentication. From a missing MFA control to optional security features, both incidents show how fragile healthcare systems become when trust mechanisms fail. Here’s what went wrong — and how to build resilience before the next breach.

Sekurno
Oct 30, 2025 · 4 min read


Cyberbiosecurity: Securing the Digital Infrastructure of Biology
As biology becomes increasingly digital, the line between cybersecurity and biosecurity is disappearing. From genomic databases and lab automation to AI-designed proteins, the digital infrastructure of biology is under threat. This guide explains what cyberbiosecurity is, why it matters for biotech and healthtech, and how organizations can secure genomic data, lab systems, and AI pipelines against emerging cyber risks.
Demyd Maiornykov
Oct 29, 2025 · 3 min read


NHS Hacking Attacks: What Happened & How to Prevent the Next Crisis
The NHS has faced a series of high-impact hacking attacks in recent years — from the infamous WannaCry ransomware outbreak in 2017 to the...

Sekurno
Oct 6, 2025 · 4 min read


Hacking AI: Real-World Threats and Defenses with the OWASP AI Testing Guide
When we talk about “AI hacking,” we mean ethical testing — probing a system’s prompts, tools, data paths, and model behavior to uncover...

Sekurno
Sep 9, 2025 · 8 min read


Sekurno Joins the CREST Pathway+ to Advance Penetration Testing Standards
Sekurno has joined the CREST Pathway+ program — a milestone in our journey toward full CREST accreditation and higher standards in penetration testing.

Sekurno
Sep 9, 2025 · 3 min read


Building a Secure GenAI Architecture in HealthTech: Avoiding HIPAA & GDPR Pitfalls
Learn how to build secure GenAI architectures in HealthTech. Avoid HIPAA/GDPR pitfalls with identity, data, and compliance guardrails.

Sekurno
Sep 5, 2025 · 27 min read


How Can Generative AI Be Used in Cybersecurity: Opportunities, Risks & Tools
How can generative AI be used in cybersecurity? Practical uses in pentesting/AppSec, compliance automation, key tools, risks (phishing, prompt injection), and best practices.

Sekurno
Sep 3, 2025 · 6 min read


Biotech Cybersecurity Report 2025: Inside the Exposure of DNA and Health Records
Discover what we learned analyzing 50 biotech companies in 2025 — including critical cybersecurity risks like insecure APIs, leaked credentials, and misconfigured environments. This report highlights real-world threats to genomic data, HIPAA/GDPR compliance, and patient trust, with practical steps for biotech and healthtech teams to improve their security posture.

Sekurno
Jul 31, 2025 · 3 min read