In a January 19 letter to Dr. Walter Copan, HIMSS offered its responses to the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 Draft 2, addressing how health information and technology can play a role in improving the cybersecurity infrastructure of our nation’s healthcare sector.
Overall, HIMSS applauds Draft 2 of the Framework and the NIST Roadmap for Improving Critical Infrastructure Cybersecurity Version 1.1. Improved cybersecurity practices, policies, and procedures are essential for all critical infrastructure owners and operators. HIMSS also applauds and supports the voluntary, non-proprietary nature of the Framework, as well as the universal applicability of the Framework.
Since the publication of its Cybersecurity Call to Action, HIMSS has been advocating for the adoption of holistic security measures, and thus HIMSS supports NIST’s inclusion of holistic security principles throughout the Framework—including the alignment of cybersecurity risk management with the business context and resources that support critical functions. The Call to Action also advocates for adoption and use of the Framework, as well as fostering the growth of the healthcare cybersecurity workforce.
HIMSS recommends that the Framework address in more detail how to assess and manage risk concerning information technology and operational technology assets. Additionally, HIMSS recommends that the Framework be aligned with the National Infrastructure Protection Plan (NIPP) and the National Cyber Incident Response Plan (NCIRP). HIMSS notes that the community needs to advance the state of cybersecurity together—and not foster uncertainty and silos.