Senate passes CISA for coordinated cyberthreat sharing

The Senate voted 74-21 in favor of the Cybersecurity Information Sharing Act of 2015 which incentivizes companies to share cyberthreat data with the government.

Hospitals and health systems would get liability protections when they share cyberthreat data with the government in an effort to improve its detection, mitigation and response to such issues.

While critics said the bill would do little to strengthen cybersecurity and protect individuals' personal information, several medical associations voiced their support. 

In a joint statement, CHIME and the Association for Executives in Health Information Security said CISA is a significant advancement in cybersecurity that will better enable CIOs and CISOs to protect patient health information. The associations are "especially encouraged that the Senate-approved bill includes language that would establish a cybersecurity framework specifically focused on health care and instructs [HHS] to identify a specific leader on cyber preparedness.”

The Health Information Trust Alliance also supports the bill, which "recognizes the importance of a health industry specific cybersecurity framework as well as associated guidance and best practices."

HIMSS also expressed its support, citing the creation of an industry task force charged with developing a plan to ensure healthcare leaders have access to actionable cyberthreat information, through a single source, at no cost.

“The healthcare community will further benefit from the establishment of a common set of security and risk management best practices that can be implemented consistently across the sector and mapped to a single, voluntary, national health-specific cybersecurity framework,” according to the association’s statement.

However, not everyone is pleased with the bill. CISA is a "a huge step backwards" for privacy rights, according to Greg Nojeim, senior counsel at the Center for Democracy and Technology. "Now, more personal information will be shared with the [National Security Agency] and with law enforcement agencies, and that information will certainly be used for purposes other than enhancing cybersecurity.”

Under CISA, a task force of health industry leaders and cybersecurity experts will identify challenges and solutions for cybersecurity and create a central, federal resource on cyber intelligence for rapid response to active threats. The Department of Health and Human Services will appoint an official charged with coordinating health cybersecurity efforts. HHS also will produce reports on emerging healthcare cyberthreats and create best practices for healthcare providers to follow data security measures.

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.