Cybersecurity

The Federal Trade Commission's chief of privacy and identity protection is recommending the use of contracts and oversight of vendors to minimize the cybersecurity risks of handling medical information and personal health records.

The former director of the Obama administration's cybersecurity commission is cautioning the health industry about moving too quickly to data-driven innovations and automation without adequate security consideration, advice that comes as the industry faces increased ransomware and other denial of service attacks.

LAS VEGAS -- The National Institute of Standards and Technology within the next few weeks will request industry participation in a proposed project for improved security of patient imaging, archiving and communications systems, as part of a broader NIST effort to assist healthcare providers and device manufactures address the growing threat of cyber attacks.

A coalition of critical industry groups and technology companies is defending HHS' recent decision to establish a cyber-threat information sharing center, arguing the group would augment rather than duplicate info-sharing efforts by the Department of Homeland Security.

HHS is reviewing the regulatory and legal requirements that could prevent hospitals and other healthcare providers from collaborating with the government and among themselves in defending against evolving cyber threats, an issue that was highlighted in the wake of the WannaCry attacks last month, according to HHS officials.

The Trump administration’s HHS budget request would cut $6.19 million from the office responsible for enforcing data privacy and security requirements.

The departments of Homeland Security and HHS are scrambling, with the assistance of the tech sector, to promote the use of cybersecurity best practices in mitigating the effects of an ongoing global ransomware attack that began on Friday by targeting the United Kingdom’s health care system and other critical industries.

An HHS task force on cybersecurity argues laws and rules put in place to prevent fraud and abuse within the health care sector could be preventing cooperation on securing data and networks, and that lawmakers need to consider easing those requirements to encourage cybersecurity investments.

The issue of how to create a framework to address cybersecurity regulatory science gaps will be discussed at a public workshop next month held by FDA, National Science Foundation and Department of Homeland Security's Science and Technology Directorate, coming as FDA's device center pegs cybersecurity as one of its top 10 regulatory science gaps.