Cybersecurity

Cybersecurity is one of the top compliance and operational challenges facing the health care industry. As reliance on health information technology grows, cyber criminals increasingly target the lucrative data that health care systems maintain. An effective cybersecurity program is essential to preventing, detecting, and mitigating this ever-evolving threat.

This hub includes resources developed for AHLA educational events and publications, as well as useful resources available to the public, to help address the challenges that cybersecurity poses for the health care community. 

AHLA Publications and Resources

• COVID-19 Cyber Attacks: Ten Tips for Health Care and Other Organizations (Health Law Weekly, June 5, 2020)
• Hospital Dodges Data Breach Action After U.S. Court in New York Finds Plaintiff Lacked Standing (Health Law Weekly, May 15, 2020)
• What Health Care Response Teams Need to Know About Ransomware (Health Law Weekly, February 21, 2020)
• HIPAA and the CCPA: What Health Care-Related Organizations Need to Know (Health Law Weekly, November 1, 2019)
• Directors Beware: Yahoo Derivative Breach Settlement—What It Means for Personal Exposure of Directors for Cybersecurity Breaches (Business Law and Governance Practice Group Bulletin, October 4, 2019)
• Connected Devices in Health Care (Health Information and Technology Practice Group Briefing, January 24, 2019)
• The Cybersecurity Landscape: Intersection of Cyber Loss, Patient Safety, and Enterprise Risk Management (Health Law Connections, September 1, 2018)
• Death by a Thousand Cuts: Cybersecurity Risk in the Health Care Internet of Things (Health Law Weekly, May 18, 2018)
• Hacking of Medical Devices Is No Longer Just an Outlandish Movie Plot, Erica Mallon (March 2017)
• Think Outside the Breach: Six Legal Issues to Consider After Responding to a Cybersecurity Incident, By Kristin J. Jones and Jana M. Landon (March 2017)
• Your Money or Your Data: Ransomware & Modern Health Information Technology, Leonardo Tamburello (January 2017)
• Top Ten Health Law Issues 2017--The Rise of Ransomware, Jon Neiditz (January 2017)
• Is Your Organization Ready for a High-Profile Patient?, Ann G. Taylor, B. Moses Vargas, and Jennifer Stevens (June 2016)
• Ransomware: Coming to a Health Care Organization Near You, Patricia Hughes, Michaela D. Poizner, and Karina C. Smuclovisky, Enterprise Risk Management Task Force, Enterprise Risk Management Task Force (April 2016)
• FDA Recommends Medical Device Manufacturers Implement a Comprehensive Cybersecurity Risk Management Program in Accordance with NIST Standards, Shilpa Prem and Kim Tyrrell-Knott, Life Sciences and Health Information and Technology Practice Groups (March 2016)
• Top Ten Health Law Issues 2016 - Cybersecurity, Jennifer L. Rathburn and Jennifer J. Hennessy (February 2016)
• Class-Action Waivers and Arbitration Clauses in HIPAA/Data Security Disputes, Paul E. Knag (December 2015)
• Insurance Coverage for Health Care Cyber Risks, Arden B. Levy, sponsored by the Health Care Liability and Litigation Practice Group (November 2015)
• From the Internet to the Boardroom: Health Care Director Oversight of Cybersecurity, Kirstin Salzman and David Solberg, Business Law and Governance, Academic Medical Centers and Teaching Hospitals, Health Care Liability and Litigation, Health Information and Technology, Hospitals and Health Systems, and Physician Organizations Practice Group (October 2015)
• Manage Security Risks Now to Avoid a Hack(neyed), Post-Data Breach Response, Patricia A. Markus and Ken Miller (September 2015)
• Increasing Risk of Theft of Health Care Information, Diane Felix (February 2015)
• Top Ten Health Law Issues 2015 - Big Data in Health Care, Kristen Rosati (February 2015)
• Google Glass and Health Care: Initial Legal and Ethical Questions, Nicolas P. Terry, Chad S. Priest, Paul P. Szotek (February 2015)
• Offshoring Health Information: Issues and Lingering Concerns, Allen Briskin, Lisa C. Earl, Gerry Hinkley, and Joseph E. Kendell (October 2014)
• Cybersecurity and the Health Care Board, Michael W. Peregrine and Edward G. Zacharias (August 2014)
• Ten Privacy and Security Tasks for Counsel, Adam H. Greene (June 2014)
• Encrypting Email Within Your Health Care Organization: A Practical Guide, Alaina Crislip, Health Information and Technology Practice Group (April 2014)
• BYOD Policies and Procedures: Keeping Pace with Technology and Keeping Patient Information Safe, Andrea Musker, Health Information and Technology Practice Group (April 2014)

​Public Resources

• National Institute of Standards and Technology (NIST): Framework for Improving Critical Infrastructure Cybersecurity Framework
• Office for Civil Rights (OCR): HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework 
• OCR: Enforcement Numbers at a Glance
• OCR: Fact Sheet, Ransomware and HIPAA
• U.S. Government Interagency Technical Guidance: How to Protect Your Networks from Ransomware
• Health Information Trust Alliance (HITRUST): Health Care Sector Cybersecurity Framework Implementation Guide
• Department of Health and Human Services (HHS), Technical Resources, Assistance Center, and Information Exchange (TRACIE): Cybersecurity Resources
• Office of the National Coordinator for Health Information Technology (ONC): Security Risk Assessment Tool
• Food and Drug Administration (FDA) Draft Guidance: Postmarket Management of Cybersecurity in Medical Devices
• FDA: Premarket Management of Cybersecurity in Medical Devices