Adreel George
MHA 504: Healthcare Policy
Introduction/Background – Executive Order 2013
NIST: Framework For Improving Critical Infrastructure Cybersecurity
AHA Recommendations
HITRUST
Healthcare Cybersecurity Task Force
Potential Threats
Conclusion
In May 2009, President Obama declared “digital infrastructure as a strategic national asset.”
◦ Framework Core,
◦ Framework Profile, and
◦ Framework Implementation Tiers
Identified 6 Imperatives:
◦ Define and streamline leadership, governance and expectations
◦ Increase security and resilience of devices and health IT
◦ Develop healthcare workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities
◦ Increase healthcare industry readiness through improved cybersecurity awareness and education
◦ Identify mechanisms to protect research and development efforts and intellectual property from attacks or exposure
◦ Improve information sharing of industry threats, warnings and mitigations.
Data security classifications
◦ Confidentiality
    Two parties communicate information and a third party is unable to view it because it is protected
    Encryption problems
◦ Availability
    Users are able to access a system or service
    Ransomware
◦ Integrity
    Data is viewed/received with the same values as it was entered (unaltered/untampered)
    Changing of EMR, incorrect RXs and medical device tampering
Ransomware
◦ Malware that encrypts data on infected machines and demands ransom to retrieve data
    MedStar 2016 incident
    Hollywood Presbyterian Medical Center (paid $17,000), the Chino Valley Medical Center, the Desert Valley Hospital, and Methodist Hospital in Henderson, Kentucky suffered similar attacks in 2016.
    WannaCry
The NIST Framework provides a basic foundation for cybersecurity
AHA has issued recommendations and recognizes that adjustments are necessary
Collaboration across the sector is necessary and was utilized to generate the Report on Improving Cybersecurity In The Healthcare Industry
The Report recognized the need for “harmonization” between existing and future law to help remove the resource and financial burden for organizations trying to be compliant with complicated and disparate policy.
American Hospital Association. (2013, September). Retrieved June 16, 2017, from www.aha.org/content/13/aha_primer_cyberandhosp.pdf
Cline, D. B. (2016). Healthcare and Public Health (HPH) Cybersecurity Framework (CsF) Implementation Guide. Retrieved June 20, 2017, from https://hitrustalliance.net/documents/hitrust2016/Wednesday/PDF/IndustryImplementationOfNIST.pdf
Health Care Industry Cybersecurity Task Force. (2017). Report on Improving Cybersecurity in the Health Care Industry. Retrieved June 16, 2017, from https://www.phe.gov/Preparedness/planning/CyberTF/Documents/report2017.pdf
HITRUST Alliance. (2016). Healthcare Sector Cybersecurity Framework Implementation Guide. Retrieved June 16, 2017, from https://hitrustalliance.net/document/cybersecurtiy/HITRUST_healthcare_sector_cybersecurity_framework_Implementation_Guide.pdf
Sheber, S. (2017, June 14). HHS Task Force Report Highlights 'Urgent Challenge' of Healthcare Cybersecurity. Journal of AHIMA. Retrieved June 20, 2017, from http://journal.ahima.org/2017/06/14/hhs-task-force-report-highlights-urgent-challenge-of-healthcare-cybersecurity/