Cybersecurity

HHS Releases Voluntary Cybersecurity Practices, Supplementing Existing Requirements


At the close of 2018, the Department of Health and Human Services (HHS) published Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients. While not formally styled as guidance or interpretive material, when the primary regulator of patient and health data protection offers “suggestions,” those subject to HIPAA had better pay attention. Beyond highlighting common threats to the protection of patient data, the HICP encompasses two supplemental technical volumes centering on small organizations and medium and large organizations. Background Healthcare and life sciences organizations (particularly… more

Should You Go "All In" with the Cloud? (And How to Manage That Risk)


While references to “the cloud” and “cloud computing” are significantly more familiar than they were five years ago, it remains clear that many organizations implement cloud resources ineffectively – or at least do not understand the implications of the shift. Some all-too-common lines of thinking: We’ve moved our applications to our cloud provider – what does that have to do with our software development life cycle?; Our cloud-platform provider is responsible for securing our applications and data; or We’ve outsourced that – and all the… more

Early Lessons from the Marriott Breach


On November 30th, Marriott announced that a guest reservation database on the Starwood side of its business had been breached. Initial reports indicated that upwards of 500 million individuals were affected. The stolen data includes quite sensitive information, such as guest passport details and, likely, payment card information. Although it will probably take time before we fully understand the details of the incident – which appears to have continued unabated since 2014 – there are lessons that we can learn from the details already in… more

The Continuing Challenge of Cybersecurity Hygiene in Digital Health and Life Sciences


A recent issue of MIT’s Technology Review magazine is titled, “Look how far precision medicine has come.“ At least part of the premise is that personalized medicine or precision medicine is not perceived as having made the great strides promised nearly 20 years ago, when genome mapping was increasingly feasible and affordable. What is not up for debate is the extent to which life sciences and digital health firms rely upon increasingly distributed data collection and analytics. The data security challenges confronting healthcare delivery become… more