HHS releases voluntary Cybersecurity Practices guidance. Industry analysts drill down deeper.
As a requirement of the Cybersecurity Act of 2015, HHS released new voluntary cybersecurity practices aimed at cost effectively reducing cybersecurity risks for the healthcare industry on December 28. Known as the Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients publication, the venture was a two-year effort that brought together more than 150 cybersecurity and healthcare experts and the government under the Healthcare and Public Health Sector Critical Infrastructure Security and Resilience Public-Private Partnership, says Ken Dort, a partner in Intellectual Property and Information Technology at the law firm Drinker Biddle & Reath LLP.
“Cybersecurity has become a leading issue for all institutions that rely on networked systems to store and share data,” says Steven Williams, shareholder at the law firm Munsch Hardt. “Over the last decade, healthcare providers have become increasingly automated and reliant on systems that allow providers to share patient data with other providers. Today, essentially every step of healthcare delivery involves recording and storing patient information digitally, and then allowing other providers within the delivery system to access that data.”
HHS’ guidelines identify five of the most current and common healthcare sector cybersecurity threats: e-mail phishing attacks; ransomware attacks; loss or theft of equipment or data; insider, accidental, or intentional data loss; and attacks against connected medical devices that may affect patient safety, says Bruce Armon, healthcare partner at the law firm Saul Ewing Arnstein & Lehr. The guidelines also identify 10 best practices for healthcare organizations to consider to mitigate these five cybersecurity threats.
Related article: Five Ways to Improve Your Health Organization’s Cybersecurity
Depending upon a healthcare organization’s size, (i.e., small, medium, or large) there are different cybersecurity best practices that an organization may wish to implement. “Each healthcare organization may have different cybersecurity vulnerabilities and elect different strategies to attempt to mitigate cybersecurity threats,” Armon says. “The guidelines are not a one-size-fits-all proposition.”
The guidelines are written and organized in a way that makes them more accessible to those who do not have technology expertise, from board and C-suite members to human resource directors and office managers to doctors, nurses, and claims analysts, says Elizabeth Litten, partner and HIPAA privacy and security officer at the law firm Fox Rothschild.
Here are five more things to know about the new guidelines.
Karen Appold is a medical writer in Lehigh Valley, Pennsylvania.
2023 Drug Trend Report - Xevant
May 16th 2024To effectively navigate the changing pharmacy landscape and maintain a robust, cost-effective pharmacy benefit, you must understand the forces behind rising drug trend. What’s driving your costs and what can you do about it? As a leader in the PBM analytics space, we offer a unique perspective on pivotal trend drivers. Here’s what our comprehensive analysis revealed: -A surge in utilization rates across specialty and non-specialty drugs, magnified by anti-obesity therapies -Financial strain imposed by anti-inflammatory biologics and the yet-to-be-fulfilled -promise of biosimilar savings -Persistent price inflation driving higher costs year over year
Read More
Two Opdivo Updates from Bristol Myers Squibb
May 14th 2024First approved by the U.S. Food and Drug Administration (FDA) in 2014, Opdivo has multiple indications across various types of cancer, including NSCLC, melanoma, renal cell carcinoma, Hodgkin lymphoma, squamous cell carcinoma of the head and neck, and urothelial carcinoma.
Read More