Friday 24 April 2015

Will Cybersecurity Data Sharing Bill Benefit Healthcare?

Healthcare cybersecurity could potentially be affected by a recent cybersecurity data sharing bill that was passed in the US House of Representatives earlier this week.

HR 1560, or The Protecting Cyber Networks Act (PCNA), passed by a 307-116 bi-partisan vote. The legislation states that it will “improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats.” However, the bill was debated by many in the months leading up to the vote, as critics claim that the move will encroach on individuals’ privacy rights.

Just last week, 55 civil liberties groups and security experts wrote a letter to the House of Representatives, asking them to not pass the bill:

Like its Senate counterpart, the Cybersecurity Information Sharing Act (CISA, S. 754), PCNA would significantly increase the National Security Agency’s (NSA) access to personal information, and authorize the federal government to use that information for a myriad of purposes unrelated to cybersecurity. The revelations of the past two years concerning the intelligence community’s abuses of surveillance authorities and the scope of its collection and use of individuals’ information demonstrates the potential for government overreach, particularly when statutory language is broad or ambiguous.

The letter added that PCNA doesn’t provide strong security protections, and that there is not enough clarity in what information can be shared or how that information may be used by the government.

PCNA states that it will create a more fluid way for corporations and government agencies to share information. Moreover, companies could potentially warn one another, through government organizations, about what tools and techniques hackers are attempting to use to gain sensitive information.

The bill explains it will promote “the sharing with non-Federal entities, if appropriate, of information in the possession of the Federal Government about imminent or ongoing cybersecurity threats to such entities to prevent or mitigate adverse impacts from such cybersecurity threats.” It will also encourage “the timely sharing with relevant non-Federal entities of cyber threat indicators in the possession of the Federal Government that may be declassified and shared at an unclassified level.”

The Health Information Trust Alliance (HITRUST) also made a statement this week, supporting the bill and explaining why it will be beneficial for healthcare. According to HITRUST, the two cybersecurity bills “provide legal certainty that companies sharing that information have safe harbor against frivolous lawsuits when voluntarily sharing and receiving threat indicators and defensive measures in real time and taking actions to mitigate cyberattacks.”

“Both measures go far in addressing information sharing priorities and provide clarity for healthcare companies,” HITRUST explained. “HITRUST opposes any amendments that would weaken significant provisions in either bill including the need to safeguard privacy and civil liberties, weaken liability protection for information sharing and establish appropriate roles for government agencies and departments.”

HITRUST added that over 500 new healthcare organizations joined its cyber threat exchange program in the last two months alone. The exchange lets HITRUST “elevate the cyber posture for the healthcare industry.”

In an interview with HealthITSecurity.com earlier this year, HITRUST CEO Daniel Nutkis explained that a national cybersecurity bill would help healthcare stay more secure.

“I think where we would like to be more engaged is in the dialogue in what the expectations are for an information sharing and analysis organization,” Nutkis said, adding that information sharing can be a fairly generic term. However, with proper education programs it could be beneficial.

“For organizations to have a meaningful dialogue there has to be some context, and sometimes to have the context there has to be a consistent maturity, or level of knowledge and sophistication,” Nutkis said.

Read more Source: http://ift.tt/1z1Dmfx


