HIMSS submits comments on NIST Cybersecurity Framework

Press releases may be edited for formatting or style
On Monday, February 8, HIMSS submitted its comment letter to the National Institute of Standards and Technology (NIST) on its Views on the Framework for Improving Critical Infrastructure Cybersecurity Request for Information. HIMSS applauded NIST’s efforts in developing the NIST Cybersecurity Framework in collaboration with the private sector, but noted that healthcare providers and organizations must be equipped to defend against growing cyber threats using a consistent and effectively-implemented data security framework.

In addition, HIMSS emphasized that the Framework could be used as a tool to develop a common set of consensus-based, private sector-led guidelines, best practices, methodologies, procedures, and processes in relation to privacy and information security risk management. Moreover, the HIMSS comment letter noted that the NIST Cybersecurity Framework should continue to be voluntary.


In its comment letter, HIMSS also discussed how NIST’s Cybersecurity Framework serves to inform organizations that need to create or update their own risk management program. Whether an organization is standing up a new cybersecurity program or has a sophisticated program already in place, the Framework has the potential to serve it well in advancing its capabilities in addressing cybersecurity risk.

The Framework Core provides a set of functions (i.e., activities and outcomes) that organizations, including healthcare organizations, need to implement to address security incidents and, generally, to manage cybersecurity risk: (1) Identify, (2) Protect, (3) Detect, (4) Respond, and (5) Recover.

Since many healthcare organizations could benefit from improving their risk management process and better addressing cybersecurity risks, HIMSS supports the idea that the Framework could be useful in helping healthcare organizations improve their security posture.

HIMSS also suggests that NIST (with input from healthcare stakeholders) bring together government, academia, and industry to continue to evolve the Framework so that it remains fluid and flexible enough to be a living document that can be improved to ensure that its content reflects real-world risks and risk management, including in view of interdependencies among the critical infrastructure sectors.

In terms of the steps that the US government could take to increase sharing of best practices, HIMSS commented that the government (i.e., NIST and other relevant government agencies) could assist in this effort through wide dissemination of such information across the healthcare sector (including, without limitation, small physician practices, long-term care facilities, and other healthcare organization constituents, large and small).

Also, HIMSS cited Section 405 of the Cybersecurity Act of 2015 as a positive step in this area. Finally, HIMSS discussed how the US government could increase sharing of best practices by facilitating cross-sector information sharing as well. The healthcare sector has numerous dependencies upon other critical infrastructure sectors and would greatly benefit from such cross-sector information sharing.

Media Contact: Karen Groppe kgroppe@himss.org 301-493-8159

