Cybersecurity

Cybersecurity is one of the top compliance and operational challenges facing the health care industry. As reliance on health information technology grows, cyber criminals increasingly target the lucrative data that health care systems maintain. An effective cybersecurity program is essential to preventing, detecting, and mitigating this ever-evolving threat.

This hub includes resources developed for AHLA educational events and publications, as well as useful resources available to the public, to help address the challenges that cybersecurity poses for the health care community. 

AHLA Publications and Resources

• Hacking of Medical Devices Is No Longer Just an Outlandish Movie Plot, Erica Mallon (March 2017)
• Think Outside the Breach: Six Legal Issues to Consider After Responding to a Cybersecurity Incident, By Kristin J. Jones and Jana M. Landon (March 2017)
• Your Money or Your Data: Ransomware & Modern Health Information Technology, Leonardo Tamburello (January 2017)
• Top Ten Health Law Issues 2017--The Rise of Ransomware, Jon Neiditz (January 2017)
• Is Your Organization Ready for a High-Profile Patient?, Ann G. Taylor, B. Moses Vargas, and Jennifer Stevens (June 2016)
• Ransomware: Coming to a Health Care Organization Near You, Patricia Hughes, Michaela D. Poizner, and Karina C. Smuclovisky, Enterprise Risk Management Task Force, Enterprise Risk Management Task Force (April 2016)
• FDA Recommends Medical Device Manufacturers Implement a Comprehensive Cybersecurity Risk Management Program in Accordance with NIST Standards, Shilpa Prem and Kim Tyrrell-Knott, Life Sciences and Health Information and Technology Practice Groups (March 2016)
• Top Ten Health Law Issues 2016 - Cybersecurity, Jennifer L. Rathburn and Jennifer J. Hennessy (February 2016)
• Class-Action Waivers and Arbitration Clauses in HIPAA/Data Security Disputes, Paul E. Knag (December 2015)
• Insurance Coverage for Health Care Cyber Risks, Arden B. Levy, sponsored by the Health Care Liability and Litigation Practice Group (November 2015)
• From the Internet to the Boardroom: Health Care Director Oversight of Cybersecurity, Kirstin Salzman and David Solberg, Business Law and Governance, Academic Medical Centers and Teaching Hospitals, Health Care Liability and Litigation, Health Information and Technology, Hospitals and Health Systems, and Physician Organizations Practice Group (October 2015)
• Manage Security Risks Now to Avoid a Hack(neyed), Post-Data Breach Response, Patricia A. Markus and Ken Miller (September 2015)
• Increasing Risk of Theft of Health Care Information, Diane Felix (February 2015)
• Top Ten Health Law Issues 2015 - Big Data in Health Care, Kristen Rosati (February 2015)
• Google Glass and Health Care: Initial Legal and Ethical Questions, Nicolas P. Terry, Chad S. Priest, Paul P. Szotek (February 2015)
• Offshoring Health Information: Issues and Lingering Concerns, Allen Briskin, Lisa C. Earl, Gerry Hinkley, and Joseph E. Kendell (October 2014)
• Cybersecurity and the Health Care Board, Michael W. Peregrine and Edward G. Zacharias (August 2014)
• Ten Privacy and Security Tasks for Counsel, Adam H. Greene (June 2014)
• Encrypting Email Within Your Health Care Organization: A Practical Guide, Alaina Crislip, Health Information and Technology Practice Group (April 2014)
• BYOD Policies and Procedures: Keeping Pace with Technology and Keeping Patient Information Safe, Andrea Musker, Health Information and Technology Practice Group (April 2014)

​Public Resources

• National Institute of Standards and Technology (NIST): Framework for Improving Critical Infrastructure Cybersecurity Framework
• Office for Civil Rights (OCR): HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework 
• OCR: Enforcement Numbers at a Glance
• OCR: Fact Sheet, Ransomware and HIPAA
• U.S. Government Interagency Technical Guidance: How to Protect Your Networks from Ransomware
• Health Information Trust Alliance (HITRUST): Health Care Sector Cybersecurity Framework Implementation Guide
• Department of Health and Human Services (HHS), Technical Resources, Assistance Center, and Information Exchange (TRACIE): Cybersecurity Resources
• Office of the National Coordinator for Health Information Technology (ONC): Security Risk Assessment Tool
• Food and Drug Administration (FDA) Draft Guidance: Postmarket Management of Cybersecurity in Medical Devices
• FDA: Premarket Management of Cybersecurity in Medical Devices