News and Events

May 01, 2018

This article discusses how the National Cybersecurity Center of Excellence (NCCoE) develops practical and usable cybersecurity guidance that can be adopted across industries, including the healthcare sector. The NCCoE works across public-private partnerships to create the National Institute of Standards and Technology (NIST) Special Publication (SP)1800 Series practice guides that are focused on specific industry challenges that companies can adopt for use.

January 26, 2018

NIST and the National Cybersecurity Center of Excellence (NCCoE) have been using Cooperative Research and Development Agreements (CRADAs) for joint cybersecurity efforts. Companies with relevant products were invited to sign a CRADA with NIST, allowing them to participate in a consortium to build this example solution. NIST aims to describe the process that brings together the collaborators in an open and transparent way.

June 27, 2017

NCCoE Director of Operations Tim McBride will speak at Cyber Hygiene for the Health Sector on Tuesday, June 27 from 8am-9:30am EST at Launch Workplaces (9841 Washingtonian Blvd Ste 200, Gaithersburg, MD 20878). Do you worry about the security of your organizations data, your customer's data, or the potential impacts of a cyber attack on your organization? McBride will join speakers Denise Anderson, President, National Health Information Sharing and Analysis Center (NH-ISAC) and Kevin Crain, CISO, UMD Health System to examine the need for good cyber hygiene in healthcare sector organizations.

February 19, 2017

The NCCoE will be participating with NIST at the 2017 Healthcare Information and Management Systems Society (HIMSS) Annual Conference & Exhibition at the Orange County Convention Center in Orlando, Fl.  for additional information on presentations, demonstration times, and exhibition location. 

February 09, 2017

The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute for Standards and Technology (NIST), will demonstrate its current projects in San Francisco Feb. 13-17 at the RSA Conference and Orlando Feb 19-23 at the Healthcare Information and Management Systems Society Annual Conference & Exhibition (HIMSS17).

Individuals and organizations interested in learning more about the NCCoE’s work and how they can participate are encouraged to visit the booth and attend the presentations and demonstrations listed below.

RSA Conference: February 13-17, 2017

November 03, 2016

NCCoE Computer Scientist Gavin O'Brien will participate in the "Information Security: It's Everyone's Problem" session from 10:30m-11:30am at the AEHIX 16 Fall Forum in Phoenix, Arizona. This session explores the current threat landscape and identifies best practices for protecting the organization and information vital to patient care and business operations. This fall forum aims to bring together thought leaders from across health IA, IT, and IS specialties to network and share ideas on how IT can help bend the cost curve.

October 18, 2016

NIST and the Department of Health and Human Services' Office for Civil Rights will co-host the 9th annual Safeguarding Health Information: Building Assurance through HIPAA Security Conference on October 19-20, 2016 at the Capital Hilton, Washington, D.C. NCCoE computer scientist Gavin O'Brien will host a panel on "Addressing Healthcare Cybersecurity Challenges through Standards-based Solutions" on October 19 from 1:15pm-2:15pm.

August 16, 2016

The healthcare industry is plagued with data breaches and other cybersecurity nightmares. At the same time, connected medical devices – components of the so-called Internet of Things – are multiplying, opening more holes in security and creating terrible potential for patient casualties. The National Cybersecurity Center of Excellence (NCCoE), established by the National Institute for Standards and Technology (NIST), released its first cybersecurity practice guide last year called "Securing Electronic Health Records on Mobile Devices."

July 27, 2016

NCCoE Computer Scientist Gavin O'Brien will participate in a panel discussion on "Standards and Regulations Supporting Medical Device Cybersecurity and Privacy" at 10:50am at the New Jersey Hospital Association's Internet of Medical Things conference.  

July 14, 2016

Hospitals that integrate EHRs have started to look at external standards, such as those presented by the National Cybersecurity Center of Excellence (NCCoE) that attempt to create "best practice" guidelines for EHR security. Coupled with the MDM policies of the institution, they can create an environment that is functional, yet secure.

March 23, 2016

From the hospital hallways to home-based treatment, smartphones, tablets and wearables are aiding health care practitioners in their treatment of patients by providing secure access to critical, real-time patient data in electronic medical records. When the NIST and NCCoE established their cybersecurity guidelines around securely mobilizing electronic health records, there’s a reason they included the suggestion of utilizing an enterprise mobility management solution (EMM).

February 28, 2016

The NCCoE will be co-exhibiting with NIST at the Healthcare Information and Management Systems Society (HIMSS) Conference and Exhibition from Feb. 29 to March 4, 2016.

February 09, 2016

Earlier this week, President Barack Obama announced the implementation of the Cybersecurity National Action Plan (CNAP) in an effort to further improve the nation’s approach to cybersecurity.

In terms of healthcare cybersecurity, the increase in information sharing could be greatly beneficial, according to earlier statements from the Health Information Trust Alliance (HITRUST).

September 27, 2015

It’s no surprise that the National Cybersecurity Center of Excellence (NCCOE) has extended the public comment period for one of its newest guides, “Securing Electronic Health Records on Mobile Devices.” The five-part publication is one of the most detailed and potentially powerful resources that the NCCOE has released in recent memory, and it serves as one of the most comprehensive manuals to address the protection of patient information records, with a particular focus on securing mobile technology.

When the NCCOE released a draft in July, it planned to keep the comment period open until September 25. Recently, however, the NCCOE has determined to extend the public comment period until October 23, citing “stakeholder feedback” in its released statement.

August 25, 2015

A draft IT security guide for medical devices developed by the National Institute of Standards and Technology should undergo an exercise to see how it aligns with existing health-sector cybersecurity regulations, a NIST official said Tuesday.

Gavin O’Brien, a computer scientist at NIST’s National Cybersecurity Center for Excellence, said the guide was created in collaboration with the Department of Health and Human Services. But the guide has not been tested within HHS’ auditing process to see how effective it is at improving compliance with cybersecurity and privacy rules, he said. O'Brien participated in a Tuesday webcast on the new draft guidance, which was released in July.

August 24, 2015

Stolen personal information can have negative financial impacts, but stolen medical information cuts to the very core of personal privacy. Medical identity theft already costs billions of dollars each year, and altered medical information can put a person’s health at risk through misdiagnosis, delayed treatment, or incorrect prescriptions. Yet, the use of mobile devices to store, access, and transmit electronic healthcare records is outpacing the privacy and security protections on those devices.

So how can healthcare organizations better secure mobile devices that interact with patient health information?

August 13, 2015

With more health records being stored on mobile devices, the need for mobile health security is imperative among doctors, nurses, and other medical professionals. The National Institute of Standards and Technology (NIST) recently released a report called Securing Electronic Health Records on Mobile Devices shows healthcare organizations how to implement effective mobile health security systems that will prevent the differing segments of patient data from being accessed without full rights to the information, according to the Corporate Counsel.

 
August 12, 2015

NIST’s “Securing Electronic Health Records on Mobile Devices” gives organizations involved in the health care sector insights on how to design and implement security systems that protect the myriad personal and health information patients entrust them to collect and keep private. Although fairly technical, the guide helps focus organizations’ conversations around keeping electronic health records protected.

 

August 11, 2015

On July 22, the National Cybersecurity Center of Excellence (“NCCoE”), a U.S. government organization formed in 2012 within the National Institute of Standards and Technology (“NIST”), released a draft Cybersecurity Practice Guide pertaining specifically to the use of mobile devices to store, access and transmit electronic health records.  The draft Practice Guide is NCCoE’s first such publication in a special series, and, while it applies only to a narrow set of scenarios, it may shed light on how the organization will approach similar scenarios in the future. 

August 09, 2015

As medical records are increasingly digitized, providers of health IT products and services and medical providers who store sensitive patient health information present tempting targets for attackers.  Medical providers now regularly use mobile devices in their practices, but NIST notes that “the use of mobile devices to store, access and transmit electronic health care records is outpacing the privacy and security protections on those devices.”  The Department of Health and Human Services maintains a list of data breaches affecting the health information of 500 or more individuals, and 1,283 such incidents have...