WEDI Gives Healthcare-Specific Advice for Enhancing the NIST Cybersecurity Framework

The Workgroup for Electronic Data Interchange (WEDI) has responded to the request for information from the National Institute of Standards and Technology (NIST) with a number of recommendations for enhancing the NIST cybersecurity framework and supply chain risk management guidance, to help healthcare companies handle some of the most urgent threats confronting the industry.

Ransomware is considered one of the major threats affecting the healthcare sector, and that will probably not change in the near future. To help healthcare companies manage the risk, WEDI has advised NIST to give attention to ransomware and address it specifically in the cybersecurity framework. NIST released a new ransomware resource in February 2022, which includes important tips on avoiding, detecting, responding to, and dealing with ransomware attacks. WEDI believes that including ransomware in the cybersecurity framework will increase the reach and effect of the resource.

WEDI has additionally advised adding specific case studies of healthcare companies that have experienced a ransomware attack, updating the framework to identify contingency planning strategies according to the type of healthcare company, and giving guidance with emphasis on contingency preparation, setup, and recovery. Ransomware attacks on healthcare companies carry risks that do not apply to other entities. More information in this area would be of great benefit to healthcare companies and could help reduce disruption and patient safety concerns.

Healthcare companies are creating patient access Application Programming Interfaces (APIs) and applications (apps) that are covered by HIPAA and are consequently required to integrate safeguards to ensure the privacy and security of any healthcare information they hold. However, WEDI has drawn attention to the absence of strong privacy requirements applicable to third-party health applications that are not covered by HIPAA. WEDI states there is a need for a national security framework to ensure that medical information acquired by third-party applications is subject to proper privacy and security standards.

The number of risks and vulnerabilities affecting mobile and implantable healthcare devices has grown at an extraordinary rate lately, and those dangers will probably grow significantly in the coming years. WEDI has advised NIST to address cybersecurity problems associated with these devices specifically in the cybersecurity framework and, in addition, to tackle the problem of insider threats. Numerous healthcare data breaches are the result of insider threats including missing electronic devices, social engineering, and phishing attacks. WEDI says these problems, along with security awareness training, ought to be addressed in the cybersecurity framework.

WEDI has additionally recommended that NIST create a version of its cybersecurity framework aimed at smaller healthcare companies, which do not have the resources available to stay up to date on the latest security developments and implement the latest security measures and protocols. A framework version more targeted at the threats faced by smaller companies would be very beneficial and ought to include practical, proactive actions that small healthcare companies can take to mitigate risks.