Tailoring NIST Framework for Healthcare

From: GovInfoSecurity

Industry-Specific Cybersecurity Guidelines in the Works

By Marianne Kolbasuk McGee

A draft of a healthcare-specific version of the upcoming National Institute of Standards and Technology’s Cybersecurity Framework will be unveiled this fall.

NIST’s framework, being developed as a result of an executive order from President Obama, will be a set of voluntary best practice guidelines intended to help protect the nation’s critical infrastructure, which includes healthcare and many other sectors, such as financial services, energy distribution and transportation.

The healthcare sector version of the framework will address areas of cybersecurity that are important for organizations of all types and sizes, says Deborah Kobza, executive director of NH-ISAC, the national healthcare and public health critical infrastructure Information Sharing & Analysis Center.

NH-ISAC, which is leading the healthcare framework project, is one of many ISACs formed in the wake of the 9/11 attacks to address security issues in various sectors. The not-for-profit, public/private partnership works in collaboration with the Department of Health and Human Services and other agencies.

The group expects to release a draft of the healthcare version of the framework sometime in the fall after NIST issues its preliminary framework for public comment in October, Kobza says. NIST is expected to release its final framework for all sectors, including healthcare, next February.

The healthcare-specific framework will help organizations counter cyberthreats and provide a common foundation to support healthcare critical infrastructure resilience, Kobza says.

Reid Stephan, IT security manager at St. Luke’s Health System in Idaho, is hopeful that the framework will prove practical in addressing real-world security concerns. For example, he hopes it will address security for medical devices.

Healthcare Requirements

The healthcare version of the framework will include use cases on how the NIST Cybersecurity Framework can be implemented, Kobza explains.

“About 70 percent of the NIST framework to support the nation’s critical infrastructure will be the same regardless of industry,” she says. “There are lots of health industry regulations around cybersecurity, and the healthcare sector version will address those needs.”
