But let’s see where it comes from.
MITER has developed a new report in response to the policy paper, Cybersecurity is Patient Safety: Policy Options in the Healthcare Industry, presented by Sen. Mark Warner, D-Va. MITER’s new white paper gathers knowledge and recommendations to improve cyber security, and therefore patient safety, throughout the healthcare sector.
WHY IT MATTERS
MITER’s Cybersecurity and Patient Safety in the Healthcare Environment report addresses the following areas:
- Improve our national cybersecurity risk posture in the healthcare sector.
- Modernize regulatory frameworks, including HIPAA privacy and security rules, to increase cybersecurity protections.
- Development of the health cyber security template.
- Improving the cybersecurity capabilities of healthcare organizations.
- Emergency preparedness and response.
- Cybersecurity in the field of healthcare at home.
The step-by-step report also includes links to relevant cyber frameworks and training resources.
MITER says that as a non-profit, government-funded research organization, its technical and subject matter experts bring “a unique perspective to this space” in their work with government and health stakeholders to help address threats and inform defense planning.
“They identify and capture best practices for embedding cybersecurity in the healthcare environment, strengthen their institutions against cyberattacks, and support the development of new cybersecurity policies to address emerging threats.”
THE BIGGEST TREND
Cyberattacks aimed at shutting down hospital and healthcare networks for ransom or exfiltrating protected consumer and healthcare data have drawn the attention of policymakers.
In the line of fire are healthcare organizations and technology companies like electronic health record provider NextGen, which was hit with both a ransomware attack in January and the recent discovery of unauthorized access that exposed data from consumers of more than one million patients.
“Once a cyber attack is confirmed, it is critical that an organization respond immediately and implement effective response manuals and procedures,” advises Dave Bailey, vice president of security services at Clearwater.
“Organizations should assume that a threat actor was active on the network, one or more accounts were compromised, and data was exfiltrated. A critical part of response and mitigation is determining the impacts and demonstrating that already you are not under attack,” he said. Health informatics news by email Wednesday when asked about the NextGen data breach.
“Healthcare entities should design third-party risk management programs to create a tiered approach to evaluating providers based on risk to patient safety. Top-tier and high-risk vendors must demonstrate that they have effective controls to protect patient information and enable organizational success and safe, quality outcomes,” he said.
IN THE REGISTRY
“Implementing cyber hygiene practices is a shared responsibility between the federal government and the private sector,” MITER’s Center for Data-Informed Policy says in the report.
“Technologies that bring new innovations to healthcare are evolving rapidly and attackers are becoming increasingly sophisticated. The process of creating cyber hygiene practices must be streamlined and agile to adapt to different clinical environments and different levels of ‘expertise, resources and computational capabilities. These practices must also be designed to not inadvertently interfere with patient safety.’
Andrea Fox is a senior editor at Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS Media.
Ikaroa, a full stack tech company, commends the MITRE Corporation’s recent publication of their policy checklist for healthcare cybersecurity. In today’s ever-evolving digital landscape, healthcare organizations must take necessary actions to protect their systems and patient data from malicious actors. The checklist, released on April 16th, 2020, provides healthcare organizations with a comprehensive guide on how best to secure their networks.
The policy checklist introduces a collection of cybersecurity best practices that organizations should prioritize to reduce the potential risk of data breaches. It also incorporates standards introduced by the Health Information Trust Alliance (HITRUST), including industry policies, technical specifications and regulatory guidance. In addition to the safety protocols in place, the checklist also includes advice for healthcare organizations on how to handle data breaches or security incidents – an area that is becoming increasingly relevant.
Moreover, the policy checklist provides an effective way for organizations to become compliant with national and international security regulations. It simplifies the implementation of the aforementioned guidelines and assists healthcare organizations in developing their own cybersecurity strategies.
At Ikaroa, we believe that the MITRE policy checklist serves as an important tool for healthcare organizations to protect their systems, networks and data. We are dedicated to providing reliable and secure digital solutions for our clients and encourage healthcare providers to review and implement the guidelines provided in this checklist.