TRENDING:

Legislation & Litigation , Standards, Regulations & Compliance

Analysis: Cybersecurity Law's Impact on Healthcare

HIMSS Legislative Expert Outlines Key Provisions and Their Implications Marianne Kolbasuk McGee (HealthInfoSec) • December 22, 2015     15 Minutes   
Analysis: Cybersecurity Law's Impact on Healthcare
Samantha Burch of HIMSS

The Cybersecurity Act of 2015 that President Obama signed into law last week is a critical first step toward helping the healthcare sector defend against breaches - and it will prove especially helpful to smaller organizations, says legislative expert Samantha Burch. She's senior director of Congressional affairs at the Healthcare Information and Management Systems Society.

"It really sets up rules of the road in terms of how [cyberthreat] information should be shared," she says. "It sets up for the first time what the underlying infrastructure would look like for the sharing of cyberthreat information, which HIMSS thinks is really an important first step ... to get better cyber information to the private sector, including healthcare organizations."

The new law, previously known as the Cybersecurity Information Sharing Act, contains three main provisions related to the healthcare sector, Burch says in an interview with Information Security Media Group. Those provisions include the development of:

  • A plan within each division of the Department of Health and Human Services spelling out responsibilities for addressing cyberthreats in the healthcare sector;
  • An HHS industry task force to examine, among other things, the cyber challenges facing the healthcare sector, as well as lessons the sector can learn from other industries;
  • A common set of voluntary consensus-based guidelines, best practices and methodologies to help healthcare organizations better address cyberthreats.

"The goal...is really to ensure that the tools and resources get to healthcare organizations to help them improve their cybersecurity," she says.

New Resources

A pipeline for making cyberthreat information readily available to the healthcare sector will be particularly beneficial to smaller healthcare entities, she says, because many cannot afford to pay the fees to join private cyber information sharing and analysis organizations.

"There's a really big need, especially in smaller and medium-sized provider organizations that may not be as resourced as the larger health systems [and that] may not have the sophistication and staff resources internally; we believe [they] can really benefit from having the tools and resources available to them."

In the interview, Burch also discusses:

  • Why the healthcare sector needs the government to develop a better way to provide timely alerts on emerging cyberthreats;
  • Ways the new law could potentially impact the healthcare sector in the longer term;
  • What action healthcare organizations should take in light of the new legislation.

As senior director of Congressional affairs, Burch leads HIMSS' efforts to identify, establish and strengthen partnerships with key Congressional offices and committees to advance health IT policy. Before joining HIMSS, Burch served as vice president of legislation and health IT at the Federation of American Hospitals and as a healthcare aide and press secretary for Rep. Al Green, D-Texas. She also worked with the American Cancer Society, AcademyHealth and as a policy fellow with the Ohio Department of Health.

Previous
Mitigating Mobile Risks in Healthcare
Next
The Evolution of User Behavior Analytics



Around the Network

Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.