Cybersecurity

HHS and the healthcare industry issued cybersecurity “best practices” that focus on baseline measures such as protecting emails, limiting system access and developing incident response plans -- based on a pre-testing process intended to assess the effectiveness of the security guidelines.

The American Hospital Association and a wide range of health care stakeholders urged congressional leaders to pass a key health security bill before the end of the lame-duck session, arguing that, without reauthorization from lawmakers, essential HHS emergency preparedness authorities will expire and gaps in federal response programs will remain unfilled.

HHS has rebranded its cybersecurity center to distinguish it in the department's efforts to defend the health care sector's information technology infrastructure, an HHS spokesperson told Inside Health Policy.

A key House health care committee suggested Tuesday that Congress bolster efforts by federal regulators to get medical device makers and other industries to ferret out cybersecurity vulnerabilities by offering a liability shield for independent cybersecurity researchers when vulnerabilities are reported, and by helping to distinguish between hacking and good-faith efforts to discover security lags.

An array of stakeholders voiced their support for the cross-industry role laid out in a set of sweeping cybersecurity initiatives unveiled by FDA Commissioner Scott Gottlieb this week, including new cybersecurity information sharing agreements, a playbook for hospitals to prepare for cybersecurity breaches and plans for an updated agency guidance document.

The House on Tuesday (Sept. 25) passed its hazard preparedness reauthorization bill by voice vote.

A major hospital group says FDA needs to step up and mandate cybersecurity for medical devices, a move intended to address risks related to legacy products that can't be updated or adequately patched as Congress considers steps to protect patients from cyber attacks.

In an unusual show of bipartisanship, key lawmakers from the Senate and House sent a letter to HHS Secretary Alex Azar that castigates the department for failing to follow through on key provisions of the Cybersecurity Act of 2015, which tasked HHS with developing industry-based approaches to mitigating cyber attacks.

FDA is seeking $70 million to create a Center of Excellence on Digital Health, which would be tasked with crafting a new regulatory approach toward these products, akin to what FDA is already piloting with its software pre-cert program, according to budget material sent to congressional appropriators.