OR Manager August 2023 - 19
Technology
own devices, which typically have low
security.
" ORs need a lot of medical devices, "
Bhuyan says. " It's one of the weakest
links. Some of these devices are costly
and are running on old Windows, and
there is no way to update the software,
making them vulnerable to attack. Staff
use those systems to browse, and
there's evidence that they use these
systems for questionable material. Each
medical device has around six vulnerabilities,
and 40% of devices used at
end of life care are not protected. "
Understanding cybersecurity
insurance
Bhuyan says cybersecurity insurance is
an important component of a comprehensive
plan to protect data and mitigate
risk, but adoption remains much
lower in healthcare compared to other
industries. His research found that only
30% of healthcare organizations had
cybersecurity insurance in 2017, compared
to 90% of organizations in the
financial sector.
Cybersecurity insurance is designed
to mitigate the financial liability resulting
from damages or losses caused
by a data breach. However, there is no
standard format for the underwriting of
these policies. " Unfortunately, there's
no 200-year-old actuary table for cyber
risk, " says Hamilton. " We don't have
empirical data. That's why we have the
mandatory reporting requirement. "
In March 2022, the Cyber Incident
Reporting for Critical Infrastructure Act
was signed into law, requiring " critical
infrastructure " businesses to report
cyber incidents to the US Department
of Homeland Security Cybersecurity and
Infrastructure Security Agency within 72
hours from the time the cyber incidents
were believed to have occurred. They
are also required to report ransomware
payments within 24 hours of making
any payments as a result of an attack.
" As a consequence of the collection
of information, we will start to build an
www.ormanager.com
Federal steps to address hospital cyberattacks
The National Institute of Standards and
Technology (NIST) released an updated
Cybersecurity Resource Guide in 2022 that
is designed to help hospitals and health
systems keep patient information-including
prescriptions, lab results, and records
of hospital visits and vaccinations-safe
from hackers, as required under the Health
Insurance Portability and Accountability
Act. " The revision is more actionable so
that healthcare organizations can improve
their cybersecurity posture and comply with
the security rule, " said Jeff Marron, a NIST
cybersecurity specialist, in a July 2022 release.
President
Biden signed the Cyber Incident
Reporting for Critical Infrastructure
Act into law in March 2022, which requires
that businesses report cyber incidents to
the US Department of Homeland Security
Cybersecurity and Infrastructure Security
Agency (CISA) within 72 hours, as well as
ransomware payments within 24 hours of
making them. The rulemaking is ongoing,
and CISA has received numerous public
comments, including from healthcare facilities,
that call attention to the complex nature
of privacy and reporting when it comes
to patient data.
University of Wisconsin Hospitals and
Clinics Authority wrote in a public comment:
" We request that CISA clarify
whether protected health information will
be included in reports by healthcare organizations.
If we are expected to include such
information...we ask that the government
consider a higher standard for including
this information, over and above the reasonable
belief that a cyberattack occurred. "
To address the vulnerability of medical
actuary table for insurance to price risk
better, " Hamilton says.
Guidelines from Bhuyan's review in
the Journal of Medical Systems recommend
that hospitals seek cybersecurity
policies that include three key compodevices,
senators introduced the Protecting
and Transforming Cyber Health Care
Act in March 2022. The act would ensure
that cyber devices used in hospitals meet
cybersecurity requirements when they are
applying for premarket approval from the
Food and Drug Administration, and that the
manufacturers design and provide updates
throughout the devices' lifecycle.
In January 2023, NIST released the Cybersecurity
Framework 2.0, designed to be
a " living document " that calls for increased
international collaboration and national
implementation models and templates for
sector-specific threats.
References
Cyber incident reporting for Critical Infrastructure
Act of 2022 fact sheet.
CISA.
H.R.7084 - PATCH Act of 2022. Congress.gov.
117th Congress (20212022).
Implementing
the Health Insurance
Portability and Accountability Act
(HIPAA) Security Rule: A Cybersecurity
Resource Guide. NIST Special
Publication. July 2022.
NIST Cybersecurity Framework 2.0
Concept Paper: Potential significant
updates to the cybersecurity framework.
National Institute of Standards
and Technology. January 19, 2023.
NIST updates guidance for healthcare
cybersecurity. NIST. July 21, 2022.
Request for information on the cyber
incident reporting for Critical Infrastructure
Act of 2022. Regulations.
gov.
nents: liability coverage against claims
for damages from theft, loss, or unauthorized
disclosure of information; coverage
for liabilities from regulatory fines,
such as those involving the Health Insurance
Portability and Accountability
OR Manager | August 2023 19
https://www.cisa.gov/sites/default/files/publications/CIRCIA_07.21.2022_Factsheet_FINAL_508%20c.pdf
https://www.congress.gov/bill/117th-congress/house-bill/7084/text?r=1&s=1
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-66r2.ipd.pdf
https://www.nist.gov/system/files/documents/2023/01/19/CSF_2.0_Concept_Paper_01-18-23.pdf
https://www.nist.gov/news-events/news/2022/07/nist-updates-guidance-health-care-cybersecurity
https://www.regulations.gov/docket/CISA-2022-0010/comments
http://www.ormanager.com
OR Manager August 2023
Table of Contents for the Digital Edition of OR Manager August 2023
OR Manager August 2023 - 1
OR Manager August 2023 - 2
OR Manager August 2023 - 3
OR Manager August 2023 - 4
OR Manager August 2023 - 5
OR Manager August 2023 - 6
OR Manager August 2023 - 7
OR Manager August 2023 - 8
OR Manager August 2023 - 9
OR Manager August 2023 - 10
OR Manager August 2023 - 11
OR Manager August 2023 - 12
OR Manager August 2023 - 13
OR Manager August 2023 - 14
OR Manager August 2023 - 15
OR Manager August 2023 - 16
OR Manager August 2023 - 17
OR Manager August 2023 - 18
OR Manager August 2023 - 19
OR Manager August 2023 - 20
OR Manager August 2023 - 21
OR Manager August 2023 - 22
OR Manager August 2023 - 23
OR Manager August 2023 - 24
OR Manager August 2023 - 25
OR Manager August 2023 - 26
OR Manager August 2023 - 27
OR Manager August 2023 - 28
OR Manager August 2023 - 29
OR Manager August 2023 - 30
OR Manager August 2023 - 31
OR Manager August 2023 - 32
https://www.nxtbook.com/accessintelligence/ORManager/orm_jan_feb-2025
https://www.nxtbook.com/accessintelligence/ORManager/orm_november-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_asc_october-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_october-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_september-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_august-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_july-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_june-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_may-2024
https://www.nxtbook.com/accessintelligence/ORManager/ormc_brochure_march-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_april-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_asc_march-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_march-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_february-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_january-2024
https://www.nxtbook.com/accessintelligence/ORManager/orm_november-2023
https://www.nxtbook.com/accessintelligence/ORManager/orm_october-2023
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-september-2023
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-august-2023
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-july-2023
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-june-2023
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-may-2023
https://www.nxtbook.com/accessintelligence/ORManager/ormc-brochure-march-2023
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-april-2023
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-march-2023
https://www.nxtbook.com/accessintelligence/ORManager/orm-february-2023
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-january-2023
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-november-december-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-october-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-september-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-august-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-july-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-june-2022
https://www.nxtbook.com/accessintelligence/ORManager/ormc-brochure-may-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-may-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-april-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-march-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-february-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-january-2022
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-november-december-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-october-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-september-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-august-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-july-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-june-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-may-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-April-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-march-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-february-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-january-2021
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-december-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-october-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-september-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-august-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-july-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-june-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-may-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-april-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-march-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-february-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-january-2020
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-december-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-november-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-october-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-september-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-august-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-july-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-june-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-may-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-april-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-march-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-february-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-january-2019
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-december-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-november-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-october-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-september-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-august-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-july-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-june-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-may-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-april-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-march-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-february-2018
https://www.nxtbook.com/accessintelligence/ORManager/or-manager-january-2018
https://www.nxtbookmedia.com