CHIME and WEDI have developed the “THINK BEFORE YOU CLICK” resource to assist consumers who are looking to share their health information with third-party apps. This initiative, which includes a 5-step checklist, is designed to educate and empower consumers to take the appropriate precautions prior to the transmission of health information to third-party apps. The checklist is non-branded and is made available at no cost to any organization seeking to educate and protect their constituents. There are three versions to allow for end users to customize the resource with their logo. For more information: https://chimecentral.org/chime-and-wedi-create-think-before-you-click-campaign/

05/18/2022: Denise Anderson testimony to United States Senate Committee on Health, Education, Labor, and Pensions

Denise Anderson, president and CEO of the Health Information Sharing & Analysis Center, and HSCC Cyber Working Group Executive Committee Member, testifies at U.S. Senate Health, Education, Labor and Pensions Committee.  Read the entire testimony here:  https://www.help.senate.gov/imo/media/doc/Anderson%20testimony.pdf

05/13/2022: Tips to Improve Medical Device Vulnerability Communications

New Health Sector Coordinating Council guidance aims to help medical device makers improve their communications regarding security vulnerabilities in their products, says Matt Russo, a security leader at Medtronic and a member of the task group that developed the document.

The mission of HSCC’s recently issued Medtech Vulnerability Communications Toolkit document is to assist medical device vendors in “demystifying” – for clinicians, patients and non-security professionals – vulnerabilities that involve some of the most technically advanced medical therapies available, Matt Russo says.

Listen to the entire podcast here: https://www.healthcareinfosecurity.com/interviews/tips-to-improve-medical-device-vulnerability-communications-i-5070.

04/29/2022: Health Industry Publishes “Operational Continuity-Cyber Incident (OCCI)” Checklist

Today the Health Sector Coordinating Council’s (HSCC) Cybersecurity Working Group (CWG) published the “Operational Continuity-Cyber Incident (OCCI)” checklist. This toolkit is intended to provide a flexible template for operational staff and executive management of healthcare organizations to respond to and recover from an extended enterprise outage due to a serious cyber-attack.  Its suggested operational structures and tasks can be modified or refined according to an organization’s size, resources, complexity, and capabilities.  It represents the best collective thinking of health sector cybersecurity and emergency management executives contributing to the HSCC Incident Response/Business Continuity (IRBC) Task Group.  It is not associated in any way with any regulatory compliance program.

OCCI is  available at https://healthsectorcouncil.org/hscc-recommendations/OCCI

04-13-2022: HSCC’s Model Contract Language Template Represents a Win-Win Cybersecurity Solution for HDOs and MDMs

“This freely available guidance allows HDOs of all sizes to include cybersecurity expectations in a legally binding document. As this template is utilized in agreements between HDOs and MDMs, it will improve the clarity, reduce the time burden, and improve the implemented level of security mitigations, as well as generally remove the confusion associated with contract negotiations over cybersecurity. It will not only serve to reduce the attack surface of an HDO but also communicate to the MDM what level of cybersecurity needs to be present in its devices in order to be competitive in the marketplace.”

Read more here: https://www.aami.org/news/article/hscc-s-model-contract-language-template-represents-a-win-win-cybersecurity-solution-for-hdos-and-mdms

03/03/2022: Health Industry Publishes Model Contract Language for Medical Technology Cybersecurity

Medical technology companies and health delivery organizations have a new template published March 3 for agreeing on cybersecurity contractual terms and conditions to reduce cost, complexity and time in the contracting process and improve patient safety.


Record Number of Major Health Data Breaches in 2021

In the midst of the global COVID-19 pandemic, the federal tally shows that a record number of major health data breaches were reported in the U.S. in 2021, and the overwhelming majority of them involved hacking/IT incidents. Read the full article here: