The amendments to Japan’s Act on the Protection of Personal Information went into effect on May 30, 2017. The amendments provide clarity on what types of personal information will be regulated and steps operators need to take to be in compliance.
The Act, Generally
Formulated “to protect an individual’s right and interests while considering the utility of personal information,” the Act (1) sets forth the overall vision and policy regarding the proper handling and protection of personal information, (2) clarifies the responsibilities and obligations of the central and local governments in the protection of personal information, and (3) ensures that the proper application of personal information contributes to the creation of new industries, the realization of a vibrant economic society, and an enriched quality of life for the people of Japan.
Continue reading “Japan’s Protection of Personal Information Amendments Go into Effect”
In the wake of the WannaCry global attack that impacted the U.K.’s National Health Service, the need to protect valuable health care data has never been more urgent. The U.S. government has begun to take steps in the right direction with the passing of executive orders on cybersecurity, the Cybersecurity Act of 2015, and the Government Accountability Office report on the Internet of Things.
Continue reading “Time to Focus on Cybersecurity in Health Care”
In a previous blog post, our team evaluated the draft recommendations prepared by the Health Care Industry Cybersecurity Task Force in its “Report on Improving Cybersecurity in the Health Care Industry.”
We recently examined three of the six major recommendations in the report and their potential impact on the existing health care regulatory environment. These include:
- HHS and a Comprehensive Health Care Security Framework
- Government and Private Incentives to Migrate Vulnerable Health Care Providers to More Secure Environments
- Development of Fraud and Abuse Exemptions to Foster Collaboration and Permit Shared Resources
For more insight, read our detailed review of the health care security recommendations above.
Formed by the Cybersecurity Act of 2015, a task force established to share cybersecurity information between federal government and private industry representatives has released its “Report on Improving Cybersecurity in the Health Care Industry.” They presented six major action items for Congress, the Department of Health and Human Services, other government agencies and private industry.
The Report organized its recommendations under six Imperatives:
- Define and streamline leadership, governance, and expectations for health care industry cybersecurity;
- Increase the security and resilience of medical devices and health IT;
- Develop the health care workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities;
- Increase health care industry readiness through improved cybersecurity awareness and education;
- Identify mechanisms to protect research and development efforts and intellectual property from attacks or exposure; and
- Improve information sharing of industry threats, weaknesses, and mitigations.
In a recent alert, we evaluated the action items and draft recommendations prepared by the Task Force, = and discuss how the Trump administration will react to these new proposals.
Read our review of the Health Care Cybersecurity Task Force Report
The Trump administration has issued two executive orders focusing on national cybersecurity. The first establishes the American Technology Council, tasking it with developing policy around the use of information technology by the federal government and providing insight into how information technology policy is delivered to the president.
The orders include aggressive deadlines for federal agencies to submit reports on the cybersecurity of critical infrastructure entities, which may be difficult to meet.
For more insight, read our detailed review of the executive orders.
The WannaCry cyberattack on Friday, May 12, 2017 was the largest international ransomware attack to date.
Victims of the attack range in size—from Fortune 500 to small/medium-sized businesses—and industry—from academic institutions to large banks, health care providers and transportation networks. The U.K.’s health care regulatory agency, the National Health Service (NHS), was a major target. The attack’s devastating scale in exploiting data security vulnerabilities is a good reminder of how critical it is for health care organizations to conduct comprehensive security assessments immediately and regularly.
We took a close look at the WannaCry ransomware incident and have some tips for what organizations need to know to minimize their risk in this article.