ARTICLE
30 January 2019

HHS Provides Guidance To Health Care Industry On Mitigating Cyber Security Threats

DP
Day Pitney LLP

Contributor

Day Pitney LLP logo
Day Pitney LLP is a full-service law firm with more than 300 attorneys in Boston, Connecticut, Florida, New Jersey, New York and Washington, DC. The firm offers clients strong corporate and litigation practices, with experience on behalf of large national and international corporations as well as emerging and middle-market companies. With one of the largest individual clients practices on the East Coast, the firm also has extensive experience assisting individuals and their families, fiduciaries and tax-exempt entities plan for the future.
Explore Firm Details
As the health care sector continues to be a target of cyberattacks, the Department of Health and Human Services (DHHS) released new guidance to protect health care organizations from cyberattacks.
United States Food, Drugs, Healthcare, Life Sciences
Photo of George Mikhail
Authors

As the health care sector continues to be a target of cyberattacks, the Department of Health and Human Services (DHHS) released new guidance to protect health care organizations from cyberattacks. This guidance is a result of the recommendations from a task force of cyber security and health care industry experts convened to comply with the mandate in the Cybersecurity Act of 2015.

DHHS states that the goal of the guidance is to:

  • cost-effectively reduce cybersecurity risks for a range of health care organizations;
  • support the voluntary adoption and implementation of its recommendations; and
  • ensure, on an ongoing basis that content is actionable, practical, and relevant to health care stakeholders of every size and resource level.

The publication focuses on addressing email phishing, ransomware, loss or theft of data, insider threats and targeted attacks against connected medical devices. Among its  many recommendations, the guidance states that health care organizations (of any size) should have e-mail protection systems, network management, cybersecurity policies, and data protection and loss prevention. 

DHHS Deputy Secretary Eric Hargan explained that "cyberattacks are especially concerning because these attacks can directly threaten not just the security of our systems and information but also the health and safety of American patients."

While compliance with this guidance is voluntary, health care entities should begin to implement the best practices provided in the guidance, as it is likely that the guidance recommendations will become the new standard of security in the health care industry.

For more articles and regular updates on legislative changes, regulatory developments and other news of interest to businesses, professionals and investors in the healthcare industry, please subscribe to Day Pitney's mailing lists.

Click here for more Healthcare Blogs from Day Pitney

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of George Mikhail
George Mikhail
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More