HealthcareCISO

President Trump yesterday signed into law a bill (H.R. 7898) containing provisions that require the Secretary of Health and Human Services to consider certain recognized cybersecurity best practices when making determinations against HIPAA-covered entities and business associates victimized by a cyberattack.

For example, the bill recognizes cybersecurity practices established under the National Institute of Standards and Technology Act and approaches established under Section 405(d) of the Cybersecurity Act of 2015 by the Healthcare and Public Health Sector Coordinating Council (HSCC) Working Group, whose members include the AHA.

The HSCC expressed strong support for the...