February Update:

​HHS Pushes Better Cybersecurity Across the Health Sector
Between constant ransomware and medical device software scares, the health care sector has become a scary place for cybersecurity. Now the Department of Health and Human Services (HHS) is asking organizations in the health care sector to adopt what it calls “high-impact cybersecurity practices.” For details, the Federal Drive with Tom spoke with Brian Mazanec, HHS Deputy Assistant Secretary and Director of the Office of Security, Intelligence, and Information Management. Read more of the interview here.            

NIST SP 800-66 Rev.2: Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide
NIST published the final version of Special Publication (SP) 800-66r2 (Revision 2), Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide. This publication, revised in collaboration with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights, provides guidance for regulated entities (i.e., HIPAA-covered entities and business associates) on assessing and managing risks to electronic Protected Health Information (ePHI), identifies typical activities that a regulated entity might consider implementing as part of an information security program, and presents guidance that regulated entities can utilize in whole or in part to help improve their cybersecurity posture and assist with achieving compliance with the HIPAA Security Rule.