HHS releases voluntary Cybersecurity Practices guidance. Industry analysts drill down deeper.
As a requirement of the Cybersecurity Act of 2015, HHS released new voluntary cybersecurity practices aimed at cost effectively reducing cybersecurity risks for the healthcare industry on December 28. Known as the Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients publication, the venture was a two-year effort that brought together more than 150 cybersecurity and healthcare experts and the government under the Healthcare and Public Health Sector Critical Infrastructure Security and Resilience Public-Private Partnership, says Ken Dort, a partner in Intellectual Property and Information Technology at the law firm Drinker Biddle & Reath LLP.
“Cybersecurity has become a leading issue for all institutions that rely on networked systems to store and share data,” says Steven Williams, shareholder at the law firm Munsch Hardt. “Over the last decade, healthcare providers have become increasingly automated and reliant on systems that allow providers to share patient data with other providers. Today, essentially every step of healthcare delivery involves recording and storing patient information digitally, and then allowing other providers within the delivery system to access that data.”
HHS’ guidelines identify five of the most current and common healthcare sector cybersecurity threats: e-mail phishing attacks; ransomware attacks; loss or theft of equipment or data; insider, accidental, or intentional data loss; and attacks against connected medical devices that may affect patient safety, says Bruce Armon, healthcare partner at the law firm Saul Ewing Arnstein & Lehr. The guidelines also identify 10 best practices for healthcare organizations to consider to mitigate these five cybersecurity threats.
Related article: Five Ways to Improve Your Health Organization’s Cybersecurity
Depending upon a healthcare organization’s size, (i.e., small, medium, or large) there are different cybersecurity best practices that an organization may wish to implement. “Each healthcare organization may have different cybersecurity vulnerabilities and elect different strategies to attempt to mitigate cybersecurity threats,” Armon says. “The guidelines are not a one-size-fits-all proposition.”
The guidelines are written and organized in a way that makes them more accessible to those who do not have technology expertise, from board and C-suite members to human resource directors and office managers to doctors, nurses, and claims analysts, says Elizabeth Litten, partner and HIPAA privacy and security officer at the law firm Fox Rothschild.
Here are five more things to know about the new guidelines.
Karen Appold is a medical writer in Lehigh Valley, Pennsylvania.
In this second part of a two-part podcast episode, Managed Healthcare Executive's Managing Editor Peter Wehrwein spoke with CeCi Connolly and Margaret "Meg" Murray about Medicare Advantage utilization and challenges, highlighting proposed CMS payment cuts and prior authorization issues.
Listen
2024 Emerging Leaders in Healthcare — Submit For a Chance to Be Featured in MHE's August Issue
March 26th 2024MHE Editors are seeking diverse healthcare professionals from different backgrounds and healthcare sectors, with individual interests. Eligible candidates are early or mid-career leaders with less than 10 years of experience. Award winners will enjoy complimentary passes to the PBMI Annual National Meeting in Orlando, Florida, from Sept. 4-6. Additional perks include a feature in our August issue, a subscription to MHE and more!
Read More
In this first part of a two-part podcast episode, Managed Healthcare Executive's Managing Editor Peter Wehrwein kicks off our new podcast series "DC Roundtable," with guests Margaret "Meg" Murray, CEO of the Association of Community Affiliated Plans, and member of MHE's Editorial Advisory Board, and CeCi Connolly, president and CEO of the Alliance of Community Health Plans, for a discussion on healthcare policy issues.
Listen
What States are Doing to Regulate Pharmacy Benefit Managers
March 26th 2024In a poster presented at the 2024 American Pharmacists Association Annual Meeting and Exposition, researchers found that state-level PBM reform focused on more transparent drug pricing, better patient access to prescription drugs, and more stringent auditing and reporting requirements.
Read More
FDA Approves Combination Therapy for Pulmonary Arterial Hypertension
March 26th 2024J&J’s Opsynvi is single-tablet combination of macitentan, an endothelin receptor antagonist, and tadalafil, a PDE5 inhibitor. It will be priced on parity with Opsumit, which is also a J&J product to treat patients with PAH.
Read More