Privacy & Security

NIST to release new guidance for strengthening hospital cybersecurity

The imminent set of best practices will help healthcare organizations become more penetration-resistant, more effective at limiting damage attackers can inflict and ultimately better able to withstand cyberattacks. 
By Bill Siwicki
April 18, 2016
07:59 AM

The National Institute of Standards and Technology is poised to deliver new cybersecurty guidance, according to NIST fellow Ronald Ross.

NIST offers a security framework that was developed for the federal government that helps organizations understand, select and implement security controls.

Ross likened the NIST framework, developed for the federal government under the Federal Information Security Modernization Act, to a very large catalog of privacy and security controls to safeguard the enterprise form hostile cyberattacks.

Learn more at the upcoming HIMSS and Healthcare IT News Privacy and Security Forum, May 11-12, 2016, in Los Angeles. Register here. 

And the latest iteration comes as the proliferation of advanced technologies is rapidly exceeding healthcare executives’ ability to protect their organizations from cyberthreats, Ross added, because every new system or device expands an organization’s attack surface.

“Organizations are buying as much IT as fast as they can to obtain greater capabilities,” Ross explained.

With that mad rush to embrace new technologies, however, there are certain things that healthcare organizations cannot control, such as operating systems or databases, for which the best they can really do is keep pace with the patches vendors like Microsoft and Oracle distribute.

In the forthcoming guidance he said that NIST is working to reduce complexity of systems security engineering.

“The best way to describe the concept is like this: When you fly on an airplane or cross a bridge, you do so because you trust the airplanes we fly and the bridges we cross, you have confidence in the people who designed and built them,” he said.

To that end, the guidance will include best practices for buidling software and systems that are both secure and trustworthy.  

“We can build and deploy systems that we can trust, too, in a hospital environment, so the systems can better withstand cyberattacks, are more penetration-resistant, and limit the damage an adversary can do if an attack comes through the perimeter,” Ross said. 

Sign up for the Healthcare IT News Privacy & Security Update newsletter.

Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn

 

Topics: 
Government & Policy, Privacy & Security

More regional news

A pharmacist reviewing a digital record

Blooms The Chemist integrates Healthengine and more briefs

By
Adam Ang
November 17, 2024
HIMSSCast logo

HIMSSCast: Caregiver input needed for allocation of investment dollars

By
Bill Siwicki
November 15, 2024
HHS Building

Trump picks RFK Jr. to lead HHS

By
Susan Morse
November 15, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Former Georgia Rep. Doug Collins
Trump taps former Rep. Doug Collins to head VA

Most Read

Clinical IT leaders on meeting CMS' mandate for patient data access
Epic and Oracle Health sign on to Veteran Interoperability Pledge
Vendor Notebook: New cybersecurity and EHR performance upgrades 
Texas AG settles with clinical genAI company
Interoperability in healthcare moving forward despite challenges
What Loper Bright and the end of Chevron deference mean for HHS

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

Lee Kim at HIMSS_Global Health Equity Week 2024
AI can be leveraged to improve cybersecurity and health equity
Dr. Keisuke Nakagawa at UC Davis Health_Global Health Equity Week 2024
How artificial intelligence is changing the equation for SDOH integration
Andrea Hsu at National Science and Technology Council_HIMSS24 APAC
Fostering health IT innovation through academic-industrial collaborations
Valerie Rogers at HIMSS_Global Health Equity Week 2024
Technology and policy have a role to play in improving maternal health

More Stories

Mike Relli at Knight Consulting_Global Health Equity Week 2024
New approaches to improving healthcare access for justice-impacted individuals
HIT professional reviews information on a laptop outside a server room
ASPR seeks feedback on public health orgs' cybersecurity needs
Gabriel Jones of Proprio on AI
Artificial intelligence is enabling big advances in surgery
Pharmacist sorting pills
Deploy RFID technologies to streamline controlled substance management
Healthcare workers in a meeting
Prioritizing cost management at U.S. healthcare systems: Keys to better margins
Healthcare worker looking at medical record on tablet with patient in background
Protect your IoMT devices against evolving cyberattacks
Jill Brewer at HIMSS_Healthcare Cybersecurity Forum 2024
What's the weakest link in organizational cybersecurity? Not what you might think
Richard Staynings at the University of Denver_Healthcare Cybersecurity Forum 2024
The challenges of safeguarding healthcare's 'data ocean'