Healthcare Information Security


NIST Cybersecurity Included in Latest HITRUST CSF Version

July 21, 2017 - Version 9 of the HITRUST CSF will be released in August 2017 and is set to address the NIST Cybersecurity Framework requirements as well, according to a HISTRUST statement. A single assessment will include the necessary controls to address the NIST CSF. There will also be a report to display the HITRUST CSF controls through the NIST CSF Core Subcategories lens. Blue Cross and Blue Shield of...

More Articles

Industry Applauds HHS Cybersecurity Task Force Report

by Elizabeth Snell

In the wake of the Health Care Industry Cybersecurity Task Force releasing its report to Congress, the healthcare industry has largely had a positive reaction to the report’s recommendations on how to protect against evolving threats. The...

Medical Devices Reportedly Infected in Ransomware Attack

by Elizabeth Snell

The recent WannaCry ransomware attack that infiltrated more than 150 countries and forced some European healthcare organizations to suspend certain services reportedly infected certain medical devices as well. HITRUST explained in an email update...

Vendor Risk Management Key Focus in Recent HITRUST Program

by Elizabeth Snell

A new HITRUST exchange aims to help entities as they request and receive third-party security and privacy risk assessment information, streamlining the vendor risk management process. The HITRUST Assessment Exchange will utilize the HITRUST CSF...

How Healthcare Cybersecurity Measures Affect National Approach

by Elizabeth Snell

Earlier this month, the Subcommittee on Cybersecurity and Infrastructure Protection of the Homeland Security Committee held a hearing to determine the value and effectiveness of the current engagement between the private sector and the Department...

HITRUST CSF Roadmap Focuses on Small Healthcare Orgs, NIST CSF

by Elizabeth Snell

HITRUST announced enhancements to its cybersecurity framework, which will assist smaller healthcare organizations create stronger risk management programs, cybersecurity measures, and help them achieve NIST Cybersecurity Framework (NIST CSF)...

Data Security, Privacy Key in EHNAC Designation with HITRUST

by Elizabeth Snell

The Electronic Healthcare Network Accreditation Commission (EHNAC) was recently designated as an Assessor for the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF). The move will allow EHNAC to help healthcare organizations...

EHNAC, HITRUST Eliminate Health Data Security Redundancies

by Elizabeth Snell

In an effort to help healthcare organizations cut down on certain health data security and privacy redundancies, two accreditation and certification organizations recently decided to work together on reducing costs and streamlining the processes...

EHNAC, HITRUST Combine HIPAA Security Criteria, CSF Framework

by Elizabeth Snell

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) are collaborating to streamline their accreditation and certification programs. EHNAC will replace its HIPAA-related privacy...

HITRUST Aids Small Orgs in Healthcare Cybersecurity Threats

by Elizabeth Snell

Smaller healthcare organizations, specifically physician practices with less than 75 employees, can have difficulties in preparing against the evolving healthcare cybersecurity threats. That is why HITRUST and the North Texas-based health system...

HITRUST Program Identifies Healthcare Cybersecurity Threats

by Jacqueline Belliveau

With a slew of new healthcare cybersecurity threats seemingly appearing each day, many organizations are struggling to proactively identify and protect themselves from unknown and more sophisticated cyber threats, like hospital ransomware. The...

New Business Associate Group Talks Healthcare Data Security

by Jacqueline Belliveau

The Health Information Trust Alliance (HITRUST) recently announced the establishment of the HITRUST Business Associate Council (BA Council), which provides healthcare business associates and vendors with a forum for discussing third-party healthcare...

HITRUST Head Addresses Health Data Security, Cyber Insurance

by Jacqueline Belliveau

With the increase in volume and severity of recent health data breaches, more and more healthcare providers and associated organizations are relying on cyber insurance to complement their health data security policies and procedures. At the Homeland...

CHIME, HITRUST Comment On Cybersecurity Act Passing

by Elizabeth Snell

Healthcare cybersecurity will greatly benefit from the passing of the Cybersecurity Act of 2015, according to industry stakeholders. Congress passed the bill last week, and both the College of Healthcare Information Management Executives (CHIME)...

Healthcare Cybersecurity Urged in HITRUST Simulation Attack

by Elizabeth Snell

A recent cyberattack simulation designed to show areas of improvement for healthcare cybersecurity found that individual health plans do not find their current incident response plan to be adequate when it comes to protecting members. The Health...

Comments Sought on Healthcare Cybersecurity Draft Guide

by Elizabeth Snell

The Risk Management Working Group (RMWG) of the Joint Healthcare and Public Health (HPH) Coordinating Council wrote a healthcare cybersecurity draft guide and is seeking comments through November 30. The guide was also developed with the Health...

New Healthcare Cybersecurity Options in HITRUST Partnership

by Elizabeth Snell

Healthcare cybersecurity remains a hot topic in the industry, especially as large-scale health data breaches continue to occur. However, a recently announced partnership hopes to offer better cyber insurance options for healthcare organizations,...

Business Associates Benefit From HITRUST Program Expansion

by Elizabeth Snell

The HIPAA Omnibus Rule requires that healthcare business associates adhere to HIPAA, and covered entities need to ensure that those third-parties remain diligent in their data security measures. In an effort to improve the relationship between...

Will Cybersecurity Data Sharing Bill Benefit Healthcare?

by Elizabeth Snell

Healthcare cybersecurity could potentially be affected by a recent cybersecurity data sharing bill that was passed in the US House of Representatives earlier this week. HR 1560, or The Protecting Cyber Networks Act (PCNA), passed by a 307-116...

HITRUST Discusses Cybersecurity Threats, Risk Assessments

by Elizabeth Snell

Cybersecurity threats are an increasingly important issue in the healthcare industry, especially as incidents such as the Anthem and Premera data breaches show that organizations of any size could be a target. That is part of the reason why the...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks