Moss Adams - Troy Hawes

Industry Expertise

Government Services Health Care Higher Education Life Sciences Technology Tribal & Gaming

Practice Focus

Cybersecurity Health Care Consulting IT Compliance Risk & IT Compliance

Biography

Troy has provided IT consulting services since 2001. He leads the firm’s HIPAA & HITRUST Compliance Services. Troy serves clients in a variety of industries including health care, technology, local and Tribal governments, and higher education.

Troy has extensive experience managing and leading technology security and compliance assessments using a number of different security frameworks including HITRUST CSF, HIPAA Privacy and Security Rules, NIST Cybersecurity Framework, NIST Special Publication 800-53, ISO 27002, Cloud Controls Matrix, Payment Card Industry Data Security Standards, and others. He leverages his cybersecurity experience to identify areas of potential risk and provide recommendations for remediation.

Troy is a frequent speaker and highly published thought leader on IT compliance and cybersecurity topics.

External Publications

Safeguard Sensitive Patient Data with HITRUST CSF Controls (Puget Sound Business Journal, May 2018)

Selected Speaking Engagements

Why IT Compliance Isn’t Enough to Keep Your Organization Safe
(Moss Adams Webcast, October 2020)
Cybersecurity for CFOs
(Moss Adams Webcast, October 2020)
Current State of Cybersecurity
(Annual Business Owners & Accounting Professionals, Bellingham, November 2018)
Are You Ready to Deal with a Cyberattack?
(Oregon Government Finance Officers Association (OGFOA) 2018 Fall Conference, October 2018)
Are You Ready for GDPR?
(International Association of Independent Accounting North America Conference, August 2018)
All You Need to Know about Cybersecurity
(International Association of Independent Accounting North America Conference, August 2018)
Integrating Cyber Security and Business Continuity to Ensure Continued Operations
(NTCA 2018 Finance & Accounting Conference, August 2018)
GDPR Disruption: Are You Prepared for the Impact and Changes?
(Dallas Chapter Technology CFO Series, April 2018)
Emerging Cyber Threats to Casinos
(National Indian Gaming Conference, April 2018)
Internal Controls: Top Reasons Your Tribe Got Hacked
(Native American Finance Officers Association Conference, April 2018)
Cybersecurity Best Practices Using the NIST Framework
(Western Telecommunications Alliance Spring Conference, March 2018)

Professional Affiliations

Member, Information Systems Audit and Control Association
Member, International Information Systems Security Certification Consortium
Member, Cloud Security Alliance
Member, Health Information Trust Alliance
Member, Payment Card Industry Security Standards Council

Insights from Troy Hawes

Health Care Organizations: Reduce Cybersecurity Threats

Protect your health care organization from cyber risks when you integrate IT, legal, and risk management teams. Learn more.

Protect Money, Data, and Compliance with Good Vendor Risk Management

Take steps to protect your health care organization by utilizing vendor risk management frameworks and developing a risk-management program.

Proposed Changes to HIPAA Security Rule to Enhance Cybersecurity for ePHI

Learn how a proposed HIPAA rule strengthens protections for electronic protected health information (ePHI).

Health Care Third-Party Vendor Risk Management

Protect your organization from vendor-related cyberthreats by maintaining strong security and compliance programs. Learn more.

Safeguarding Health Care: Defend Against Data Breaches

Navigate the emerging threat landscape and learn more about risk assessment and mitigation to better safeguard against breaches.

Health Care C-Suite: Mitigate Cyberthreats Today

Mitigate risk of common cyberthreats in the health care industry and explore strategies to better protect patient data.

Increase Cybersecurity in Health Care with Safety-Boosting Strategies

Discover strategies health care organizations can implement to protect against cyberattacks and safeguard digital assets.

14 Steps to Develop a Tailored Solution to Combat Cybersecurity Threats

Safeguard your digital assets by creating a tailored cybersecurity solution based on 14 key security areas.

Q&A: Are You Checking All the Boxes of the HHS Newest Cybersecurity Plan?

Reinforce cyber defenses for your health care organization with new cybersecurity performance goals from HHS.

$374.9 Million to Enhance State, Local, and Tribal Cybersecurity Funding

Increased funding from the State and Local Cybersecurity Grant Program (SLCGP) is meant to improve cybersecurity protection.

Protect Health Data: SOC Controls, HIPAA, and HITRUST Compliance Intersect

Health care organizations can leverage System and Organization Controls (SOC), HIPAA, and HITRUST frameworks to maintain security and compliance.

HITRUST CSF Version Update and New Assessment Types

Ready to upgrade your HITRUST certification? Check out the new information for HITRUST assessments and version 11 here.

The Power of Risk Assessments in a Slow Economy

Performing a risk assessment can help protect your company from potential threats. Learn more in our webcast.

Updates to the GLBA Safeguards Rule for Higher Education

New Gramm-Leach-Bliley Act (GLBA) Safeguards Rule requirements for higher education institutions are in effect. Learn more.

Health Care: Cybersecurity Risk is a Business Risk

Health care organizations are a common target for cyberattacks. Explore strategies to mitigate your cyberthreats and risk.

5 Tips for Wineries to Protect Their Business Against a Cyberattack

Explore five strategies to protect your assets and customers’ data, including employee training, penetration tests, and more.

The 6 Intangible Costs of a Cyberbreach

Breaches can cost more than just lost data or access to systems. Learn tips to protect your organization.

Overview of APIs: Value, Benefits, and How to Avoid Vulnerabilities

Application Programming Interfaces offer quick transfer of information, but need to be properly inventoried. Learn details.

Identify Top Cybersecurity Threats and Protect Your Organization

Learn to protect your organization with a more stringent cybersecurity strategy.

How Security Governance Can Help Protect You from Cyberthreats

Create a framework that can protect and secure your organization’s most valuable asset—its data.

Prepare for Emergencies with Business Continuity and Disaster Recovery Plans

Business continuity and disaster recovery plans can help your company prepare for and resume business after an unexpected event.

Cybersecurity Impacts on M&A: The Importance of Due Diligence During COVID-19

Cybersecurity due diligence is always a key M&A factor, but COVID-19 disruption makes it even more important. Learn more.

Protect Your Tribal Entity Against Increased Email Fraud During COVID-19

Email fraud has increased by 300% during COVID-19. Learn steps to identify fraudulent emails and thwart an attack.

HIPAA Safe Harbor Law Requires HHS to Incentivize Cybersecurity

The HIPAA Safe Harbor Law incentivizes cybersecurity best practices for health care entities. Learn more.

What to Know About the Microsoft Exchange Hack

Learn details of the high-profile attack and steps your organization can take if impacted as well as other cybersecurity measures.

CCPA and GDPR: Consumer Privacy Policy Requirements and Steps to Stay Compliant

Learn about consumer privacy requirements that could impact your company and crucial compliance steps to prevent penalties.

Why Existing Compliance Programs Won’t Always Protect You from IT Risk

Don’t rely on a check-the-box strategy to mitigate threats and vulnerabilities. Bolster existing compliance programs.

Why IT Compliance Isn’t Enough to Keep Your Organization Safe

Meeting regulatory compliance requirements is a must for many organizations, however, it’s often not enough to identify all technology risks within an organization. Organizations may not have identified threats and vulnerabilities to critical assets. Due to the impacts of COVID-19, those risks have expanded beyond the physical confines of a business. Now, it’s even more important for organizations to assess IT risks within their environments.

Top Solutions to Common Cybersecurity Threats in Telemedicine

The use of telehealth platforms has led to more cybersecurity threats. Learn how you can manage the increased risk and bolster security.

3 Tips to Stay Compliant with the California Consumer Privacy Act

Most companies with operations or customers in California will need to comply with new rules for collecting consumer information. Learn how to prepare.

Help Protect Your Winery from Cyberthreats Using These Key Strategies

Help your winery reduce damage caused by top-trending cyberthreats by following these key steps.

Five Tips to Protect Your Company from Data Breaches

Learn how to identify and protect your company’s sensitive data through employee training, user access reviews, response plans, and more.

Stay Ahead of Cybersecurity Breaches and Off the Media’s Radar

Stolen data is extremely profitable. As cyberattacks become more prolific and publicized, it’s easy to conclude that the question becomes not if, but when information will be compromised. Moss Adams can help you stay one step ahead.

Is Your Organization Vulnerable to Cyberattacks? Find Out with a Red Team Penetration Assessment

Before a hack or cyberthreat occurs, a red team penetration assessment can help management teams identify system weaknesses.

What You Need to Know About Cybersecurity before Starting Due Diligence

Learn how technology companies planning for an exit can benefit from strengthening their cybersecurity efforts prior to a due-diligence review.

FSA Updates Cybersecurity Compliance FAQs

The Federal Student Aid senior advisor of cybersecurity updated the Cybersecurity Compliance FAQs.

How to Improve Cybersecurity and Protect Your Organization

A stringent cybersecurity strategy helps prevent breaches, which are often the result of improperly secured systems and lack of awareness.

SOC for Cybersecurity: How to Check the State of Your Cyberrisk Program and Build Stakeholder Confidence

Mitigate cyber threats and build stakeholder confidence with a SOC for Cybersecurity audit.

Preparing for Compliance with the General Data Protection Regulation

An overview of the General Data Protection Regulation and key considerations for organizations needing to be compliant.

Protect Your Data on Amazon S3: Security Permissions and Best Practices

Mismanagement of Amazon S3 permissions settings can cause significant data leaks. Learn how to mitigate the risk.

Protect Patient Data by Executing Best Practices and Controls with the HITRUST CSF

Learn why health care organizations are vulnerable to cyberthreats and how best practices with the HITRUST CSF can help protect valuable data.

Baker Tilly US, LLP, Baker Tilly Advisory Group, LP and Moss Adams LLP and their affiliated entities operate under an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable laws, regulations and professional standards. Baker Tilly Advisory Group, LP and its subsidiaries, and Baker Tilly US, LLP and its affiliated entities, trading as Baker Tilly, are members of the global network of Baker Tilly International Ltd., the members of which are separate and independent legal entities. Baker Tilly US, LLP and Moss Adams LLP are licensed CPA firms that provide assurance services to their clients. Baker Tilly Advisory Group, LP and its subsidiary entities provide tax and consulting services to their clients and are not licensed CPA firms. ISO certification services offered through Moss Adams Certifications LLC. Investment advisory offered through either Moss Adams Wealth Advisors LLC or Baker Tilly Wealth Management, LLC.