web analytics

New Guides Aim to Help Health Sector Beef Up Cyber, Privacy – Source: www.databreachtoday.com

new-guides-aim-to-help-health-sector-beef-up-cyber,-privacy-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

HIPAA/HITECH
,
Standards, Regulations & Compliance

HHS OCR, NIST Finalize HIPAA Cyber Guide; HSCC Issues Security, Privacy Resource

Marianne Kolbasuk McGee (HealthInfoSec) •
February 19, 2024    

New Guides Aim to Help Health Sector Beef Up Cyber, Privacy
Image: HHS, NIST

Two new guidance resources – one from government regulators and the other from an industry council – aim to help healthcare sector firms strengthen their approaches to protecting sensitive patient information and critical IT systems. The publications come as the Biden administration is pushing the sector to up its cyber game.

See Also: Live Webinar | Securing the Cloud: Mitigating Vulnerabilities for Government

One of the documents is a joint publication, “Special Publication 800-66 Revision 2, Implementing the HIPAA Security Rule,” released by the Department of Health and Human Services’ Office for Civil Rights and the National Institute of Standards and Technology on Friday.

The other document, also issued Friday, from the Healthcare and Public Health Sector Coordinating Council’s Cybersecurity Working Group, is a guide to help healthcare sector entities better address “disconnects” between their privacy and cybersecurity functions “for improved overall compliance and operational efficiencies and effectiveness.”

HIPAA/NIST CSF Crosswalk Guide

The new joint HHS OCR/NIST resource is meant to help HIPAA-covered entities and business associates map the HIPAA Security Rule’s standards and implementation specifications to NIST Cybersecurity Framework subcategories and SP 800-53r5 security controls.

It is a finalized version of a draft guidance HHS OCR and NIST released in July 2022, and it supersedes an earlier, introductory HIPAA guide NIST released in 2008 (see: NIST Maps Cybersecurity Framework to HIPAA Security Rule).

As a supplement to the joint guidance, NIST posted on its website Friday an updated listing of available NIST resources to help healthcare sector entities address cybersecurity issues pertaining to specific topics. These resources address telehealth, mobile devices, IoT, medical devices, ransomware and phishing, cloud services, and application security.

The release of the joint HHS OCR/NIST guidance is the latest action by HHS supporting the Biden administration’s evolving strategy to improve healthcare sector cybersecurity, which was outlined in a concept paper in December (see: Biden Administration Issues Cyber Strategy for Health Sector).

In January, also as part of the administration’s strategy, HHS published a guidance paper detailing voluntary “essential” and “enhanced” cybersecurity performance goals for the healthcare sector (see: HHS Details New Cyber Performance Goals for Health Sector).

“Regulated entities should consider that employing cybersecurity practices can not only help a HIPAA-regulated entity comply with the Security Rule but can also assist with compliance with other federal mandates,” the HHS OCR/NIST guidance says.

“Those other mandates include the Medicare Promoting Interoperability Program, which requires an annual risk assessment to avoid Medicare financial penalties, and forthcoming cyber incident reporting mandates from the Cybersecurity and Infrastructure Security Agency as required by the Cyber Incident Reporting for Critical Infrastructure Act of 2022,” the document says.

HHS said it is planning to issue a proposed update to the HIPAA Security Rule in the spring, as well as other potential new regulatory actions.

HSCC Privacy, Security Guide

The new guide from HSCC – a public-private industry council of more than 400 healthcare sector entities and 19 government agencies – aims to help organizations better address factors that contribute to disharmony between their privacy and security efforts.

HSCC’s new guide aims to help bridge gaps between privacy and security teams within healthcare sector entities. (Image: HSCC)

“Factors ranging from organizational structure to conflicting priorities can lead to disconnect between Privacy and Security, increasing organizational risk,” HSCC said in a statement.

The intended audience for the guidance includes healthcare privacy, security, and compliance leaders; their teams; and others “looking to develop best practices for privacy and security programs and policies,” HSCC said.

The publication provides healthcare sector entities with assistance in addressing privacy and security friction in several areas, including helping entities identify intersections, interdependencies, and regulatory and operational distinctions between enterprise privacy and security disciplines; spotlighting challenges and risks that arise from gaps and misalignments between privacy and security functions and priorities; and recommending options for frameworks, best practices and measures to address those issues.

The guide “provides practical suggestions of collaborative practices” to help healthcare sector entities’ privacy and security organizations work together more “proactively and cohesively,” HSCC said.

Original Post url: https://www.databreachtoday.com/new-guides-aim-to-help-health-sector-beef-up-cyber-privacy-a-24392

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Codrut Andrei
Cybersecurity Talent Crisis Today and Tomorrow by Codrut Andrei
Cybersecurity Talent Crisis Today and...
SCYTHE
Better Cybersecurity Metrics – SOC Metrics – Threat Hunting Metrics – Cyber Threat Intelligence (CTI) Metrics – Incident Response (IR) Metrics for CISOs by SCYTHE
Better Cybersecurity Metrics – SOC...
ACSC Australia
Personal Cyber Security First Steps by Australian Government – ACSC
Personal Cyber Security First Steps...
Joas Antonio
100 Security Operation Tools for SOCs by Joas Antonio
100 Security Operation Tools for...
Joas Antonio
Guide for Multi-Cloud Read Team AWS – GCP – AZURE by Joas Antonio
Guide for Multi-Cloud Read Team...
SANS
SANS Faculty Cybersecurity Free Tools – SANS Instructors have built more than 150 open source tools that support your work and help you implement better security.
SANS Faculty Cybersecurity Free Tools...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

CASOS DE USO APLICABLES EN UN SIEM
CASOS DE USO APLICABLES EN...
IGNITE Technologies
Burp Suite for Pentester
Burp Suite for Pentester
The Institute of Internal auditors
Auditing Risk Culture
Auditing Risk Culture
DevSecOps Guide
ATTACKING PHP APPLICATIONS
ATTACKING PHP APPLICATIONS
DevSecOps Guide
ATTACKING KUBERNETES WITH SECURITY BEST PRACTICE
ATTACKING KUBERNETES WITH SECURITY BEST...
CLTC WHITE PAPER SERIES
Guidance for the Development of AI Risk and Impact Assessments
Guidance for the Development of...
Active Directory
Active Directory IT AuditChecklist
Active Directory IT AuditChecklist
A guide to business continuity planning
A guide to business continuity...
LOG RHYTHM
Using MITRE ATT&CK™ in Threat Huntingand Detection
Using MITRE ATT&CK™ in Threat...
Kaspersky
H2 2023 – A brief overviewof main incidentsin industrial cybersecurity
H2 2023 – A brief...
Andrey Prozorov
24 Great Cybersecurity Frameworks
24 Great Cybersecurity Frameworks
ENISA-EUROPA
SEGURIDAD DE TELECOMUNICACIONES
SEGURIDAD DE TELECOMUNICACIONES

More Latest Published Posts

SF-ISAC
Digital Operational Resilience Act
Digital Operational Resilience Act
SYNGRESS
DIGITAL FORENSICS WITH Open Source TOOLS
DIGITAL FORENSICS WITH Open Source TOOLS
IT REVOLUTION DEVOPS ENTERPRISE FORUM
DevOps Automated Governance Reference Architecture
DevOps Automated Governance Reference Architecture
SANS GIAC CERTIFICATIONS
Detecting Attacks on Web Applications from Log Files
Detecting Attacks on Web Applications from Log Files
EUROPEAN DATA PROTECTION SUPERVISOR
ANNUAL REPORT 2023
ANNUAL REPORT 2023
TechTarget
IT Disaster Recovery Plan Template
IT Disaster Recovery Plan Template
Opstune
IOC Scan Framework v2.0
IOC Scan Framework v2.0
Federal Office for Information Security
Indirect Prompt Injections
Indirect Prompt Injections
the Department of the Environment Climate and Communications
Guidelines on CyberSecurity Specifications
Guidelines on CyberSecurity Specifications
Edelman
INCIDENT RESPONSE REFERENCE GUIDE
INCIDENT RESPONSE REFERENCE GUIDE
Security METRICS
Security Metrics Guide to PCI DSS Compliance
Security Metrics Guide to PCI DSS Compliance
SOC TIPS Cybersecurity
Guia de Resposta a Incidentes de Segurança para LGPD
Guia de Resposta a Incidentes de Segurança para LGPD
CDCP
FIREWALL Audit CHECKLIST
FIREWALL Audit CHECKLIST
GitGuardian
Secrets Management Maturity Model
Secrets Management Maturity Model
MegaCorp One
Sample Penetration Test Report
Sample Penetration Test Report
FORTINET
Routing in FortiGate
Routing in FortiGate
FUTURE OF PRIVACY FORUM
Risk Framework Body Related Data (PD) Immersive Tech
Risk Framework Body Related Data (PD) Immersive Tech
ENISA
Remote ID Proofing Good Practices
Remote ID Proofing Good Practices
Google
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Red Canary
Threat Detection Report 2024
Threat Detection Report 2024
HADESS
Pwning the Domain Persistence
Pwning the Domain Persistence
Australian Goverment
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
CISC (Comité Internacional Sobre Ciberseguridad)
Política Nacional de Ciberseguridad 2023-2028
Política Nacional de Ciberseguridad 2023-2028
Google
Perspectiveson Securityfor the Board
Perspectiveson Securityfor the Board
HADESS
OSINT Method for Map Investigations
OSINT Method for Map Investigations
CCN-CERT
Observatorio Riesgos Ciberseguridad 2024
Observatorio Riesgos Ciberseguridad 2024
CYBERTHEORY
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
FORTINET
Bloking Malware Through Antivirus Security Profile in FortiGate
Bloking Malware Through Antivirus Security Profile in FortiGate