CHIME and WEDI have developed the “THINK BEFORE YOU CLICK” resource to assist consumers who are looking to share their health information with third-party apps. This initiative, which includes a 5-step checklist, is designed to educate and empower consumers to take the appropriate precautions prior to the transmission of health information to third-party apps. The checklist is non-branded and is made available at no cost to any organization seeking to educate and protect their constituents. There are three versions to allow for end users to customize the resource with their logo. For more information: https://chimecentral.org/chime-and-wedi-create-think-before-you-click-campaign/
Denise Anderson, president and CEO of the Health Information Sharing & Analysis Center, and HSCC Cyber Working Group Executive Committee Member, testifies at U.S. Senate Health, Education, Labor and Pensions Committee. Read the entire testimony here: https://www.help.senate.gov/imo/media/doc/Anderson%20testimony.pdf
New Health Sector Coordinating Council guidance aims to help medical device makers improve their communications regarding security vulnerabilities in their products, says Matt Russo, a security leader at Medtronic and a member of the task group that developed the document.
The mission of HSCC’s recently issued Medtech Vulnerability Communications Toolkit document is to assist medical device vendors in “demystifying” – for clinicians, patients and non-security professionals – vulnerabilities that involve some of the most technically advanced medical therapies available, Matt Russo says.
Listen to the entire podcast here: https://www.healthcareinfosecurity.com/interviews/tips-to-improve-medical-device-vulnerability-communications-i-5070.
Today the Health Sector Coordinating Council’s (HSCC) Cybersecurity Working Group (CWG) published the “Operational Continuity-Cyber Incident (OCCI)” checklist. This toolkit is intended to provide a flexible template for operational staff and executive management of healthcare organizations to respond to and recover from an extended enterprise outage due to a serious cyber-attack. Its suggested operational structures and tasks can be modified or refined according to an organization’s size, resources, complexity, and capabilities. It represents the best collective thinking of health sector cybersecurity and emergency management executives contributing to the HSCC Incident Response/Business Continuity (IRBC) Task Group. It is not associated in any way with any regulatory compliance program.
OCCI is available at https://healthsectorcouncil.org/hscc-recommendations/OCCI
“This freely available guidance allows HDOs of all sizes to include cybersecurity expectations in a legally binding document. As this template is utilized in agreements between HDOs and MDMs, it will improve the clarity, reduce the time burden, and improve the implemented level of security mitigations, as well as generally remove the confusion associated with contract negotiations over cybersecurity. It will not only serve to reduce the attack surface of an HDO but also communicate to the MDM what level of cybersecurity needs to be present in its devices in order to be competitive in the marketplace.”
Medical technology companies and health delivery organizations have a new template published March 3 for agreeing on cybersecurity contractual terms and conditions to reduce cost, complexity and time in the contracting process and improve patient safety.Health-Sector-Publishes-Medical-Device-Cybersecurity-Model-Contract-Language-Template-1
In the midst of the global COVID-19 pandemic, the federal tally shows that a record number of major health data breaches were reported in the U.S. in 2021, and the overwhelming majority of them involved hacking/IT incidents. Read the full article here:
The 405(d) Program and Task Group is a collaborative effort between industry and the federal government, which aims to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the sector. Please explore their website to learn more about our effort and all products and resources available to our stakeholders: https://405d.hhs.gov/public/navigation/home