In the wake of the WannaCry global attack that impacted the U.K.’s National Health Service, the need to protect valuable health care data has never been more urgent. The U.S. government has begun to take steps in the right direction with the passing of executive orders on cybersecurity, the Cybersecurity Act of 2015, and the Government Accountability Office report on the Internet of Things.
The Health Care Industry Cybersecurity Task Force, created by Congress as part of the Cybersecurity Act of 2015, presented its “Report on Improving Cybersecurity in the Health Care Industry” in June 2017, naming six main recommendations and a substantial number of proposed action items for Congress, the Department of Health and Human Services, and other government agencies.
This past May, the Government Accountability Office released a report titled “Internet of Things: Implications of an Increasingly Connected World.” The report was meant to examine what is known about current and emerging IoT technologies, how and for what purpose IoT technologies are applied, and potential implications and risks of the use of IoT. While IoT devices have enormous potential to increase patient treatment and advances in information sharing in health care, the report outlines potential catastrophic consequences if these devices are not protected properly, including the risk of hacked devices interfering and threatening patient safety.
We wrote an article for Law360 that looks at recent legislative developments in the cybersecurity space, including both of the aforementioned reports and the Trump administration’s executive order for agency cyberassessments.
The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.