NIST to Release New Guidance for Strengthening Hospital Cybersecurity

Bill Siwicki | Healthcare Finance News | April 18, 2016

The National Institute of Standards and Technology is poised to deliver new cybersecurity guidance, according to NIST fellow Ronald Ross. NIST offers a security framework, developed for the federal government, that helps organizations understand, select and implement security controls.

Ross likened the NIST framework, developed for the federal government under the Federal Information Security Modernization Act, to a very large catalog of privacy and security controls to safeguard the enterprise from hostile cyberattacks. And the latest iteration comes as the proliferation of advanced technologies is rapidly exceeding healthcare executives' ability to protect their organizations from cyberthreats, Ross added, because every new system or device expands an organization's attack surface.

"Organizations are buying as much IT as fast as they can to obtain greater capabilities," Ross explained. With that mad rush to embrace new technologies, however, there are certain things that healthcare organizations cannot control, such as operating systems or databases, for which the best they can really do is keep pace with the patches vendors like Microsoft and Oracle distribute. In the forthcoming guidance he said that NIST is working to reduce complexity of systems security engineering...