"We will provide critical infrastructure owners and operators the timely access to actionable cybersecurity information necessary to protect their own networks and facilities," says one of bill's chief sponsors, Rep. Dan Lungren.
As legal issues surrounding data breaches become increasingly complex, more organizations are turning to attorneys for post-breach response, says Lisa Sotto, a managing partner for New York-based law firm Hunton & Williams.
The delay in the release of final versions of HIPAA modifications and the HIPAA breach notification rule makes it difficult for healthcare organizations to set information security investment priorities, says hospital privacy officer Kari Myrold.
The plan identifies opportunities to engage the private sector in activities for transitioning promising R&D into practice. It prioritizes the development of a "science of security" to derive first principles and the fundamental building blocks of security and trustworthiness.
Smaller hospitals and clinics soon will get some extra guidance from federal regulators about preparing risk assessments. But a federal advisory group has urged the Department of Health and Human Services to offer far more guidance on a variety of information security issues.
With many questions left unanswered regarding comprehensive cybersecurity legislation, the future seems bleak. But there's hope, says Jacob Olcott, a former top Capitol Hill staffer on cybersecurity matters.
One key reason why encryption isn't more widely used in healthcare is that some information technology specialists have outdated perceptions about the technology, contends security expert Melodi Mosely Gates.
The bring-your-own-device trend is increasing, but work-place policies are not. ISACA's Ken Vander Wal says low employee awareness and the absence of any BYOD policy are to blame. So what can organizations do to fill their security gaps?