Written and medically reviewed by Dorcas Morak, PharmD
The Biden administration recently unveiled the National Cybersecurity Strategy, which aims to enhance cyber resilience, shift responsibility for cyber defense, and thwart cyber threat operations. The strategy is structured around five pillars, each representing a significant area of focus, and will have a considerable impact on critical infrastructure entities, including the healthcare industry.
One of the key implications for the healthcare industry is the need to prioritize IoT security, particularly medical IoT. The strategy proposes collaborating with vendors to guarantee IoT device security, which will relieve the burden on healthcare providers to protect products after implementation. The strategy also calls for greater emphasis on third-party risk management, with an increase in regulatory requirements.
Another significant impact on healthcare cybersecurity is the limit on data collection. The strategy proposes imposing robust, clear limits on the collection, use, transfer, and maintenance of personal data, including health information, and providing strong protections for sensitive data.
The Three Key Impacts on the Healthcare Industry
According to Mike Hamilton, CISO of Critical Insight, the National Cybersecurity Strategy will have significant impacts on the healthcare industry, with three key factors at the forefront.
First, there will be an increase in regulatory requirements and emphasis on third-party risk management. With a growing trend of compromising healthcare companies through business partners, assessing and tracking third-party security controls will become an additional regulatory duty.
Secondly, the strategy proposes collaborating with vendors to guarantee the security of IoT devices, particularly medical IoT. This will alleviate the burden on healthcare providers to protect products after implementation.
Lastly, the strategy aims to limit the amount of personally identifiable information (PII) that data stewards are permitted to acquire and share. The Administration supports imposing robust limits on data collection, use, transfer, and maintenance, and providing strong protections for sensitive data like geolocation and health information.
If implemented, the National Cybersecurity Strategy may also establish a federal insurance response structure to help the government assist in catastrophic cyber incidents. Healthcare providers must be aware of these implications and take necessary steps to protect their patients' privacy and security effectively.
What is the position of the American Hospital Association on this strategy?
The American Hospital Association has expressed its full support for the National Cybersecurity Strategy and commended the Biden Administration's effort. If the strategy is implemented, a federal insurance response structure could be established to assist the government in catastrophic cyber incidents.