This week, Hacking Healthcare™ breaks down what Health-ISAC members can expect from a revision to a National Institute of Standards and Technology (NIST) guidance document on HIPAA Security Rule implementation. Then, we provide a brief update on when to expect the upcoming Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) rule and what kind of feedback is being asked for.
This week, Hacking Healthcare™ catches up with the revision to the European Union’s Network and Information Security (NIS) Directive, NIS2. We review what NIS2 is, how Health-ISAC members may be affected, where NIS2 is in its implementation timeline, and what actions Health-ISAC members may wish to consider taking at this time.
This week, Hacking Healthcare™ examines the cybersecurity workforce issue. With the recent release of the United States’ National Cyber Workforce and Education Strategy, we wanted to examine how the United States and the European Union (EU) are attempting to address the growing shortage of skilled cybersecurity personnel. In our analysis section, we then explore what healthcare organizations may be able to do to maximize the talent available in the meantime.
This week, Hacking Healthcare™ examines the newest draft of the Cybersecurity Framework from the National Institute of Standards and Technology (NIST). We break down the changes to the current framework, how the framework intersects with the healthcare sector, and how members can influence its development going forward.
This week, Hacking Healthcare™ welcomes a guest essay on the what to make of the new Securities and Exchange Commission (SEC) final rule related to cybersecurity risk management, strategy, governance and incident disclosure.
This week, Hacking Healthcare™ examines the possibility of the Biden administration pursuing a general ban on ransomware payments as a means to disincentivize ransomware actors. We provide a brief background on the United States government’s policy towards ransomware, including the recent remarks that have brought the issue back to light, and then analyze why we think fears of a near term policy change to ban payments feels unlikely.
This week, Hacking Healthcare™ examines what the totality of recent Chinese cybersecurity, privacy, and counter-espionage laws and regulations means for the healthcare sector. We identify some of the more significant legislation that has been passed to increase government oversight of foreign organizations, outline the risks they create for healthcare organizations, and provide some recommendations on how to mitigate those risks.
This week, Hacking Healthcare™ examines the long awaited and recently agreed upon EU-US Data Privacy Framework. We breakdown what this agreement is, why it is needed generally and for the healthcare sector specifically, and whether or not it is likely to withstand the legal challenges that it is expected to face.
This week, Hacking Healthcare™ examines the newly released National Cyber Strategy Implementation Plan. We break down what this document is, analyze and provide background on the specific initiatives most likely to impact the healthcare sector, and suggest opportunities to engage or influence them.
This week, Hacking Healthcare™ takes a look at the position of the National Cyber Director within the United States government. We examine what the position is, why it’s a big deal that President Biden has not nominated anyone to officially fill the position for roughly five months, and what impact the delay may have on the healthcare sector.