Global Edition
HIMSS24

HIMSS24 Cyber Forum keynote stresses collaboration on standards

Trust in the digital economy is built upon several key principles like cybersecurity, privacy, interoperability and equity in technology development, use and standards, says NIST's Cherilyn Pascoe.
By Andrea Fox
March 11, 2024
03:10 PM

Cherilyn Pascoe, Director, NIST National Cybersecurity Center of Excellence

Photo: HIMSS Media

ORLANDO – "We think a lot about trust, how to build trust into technology so that we can realize its potential to serve our society and the public good," said Cherilyn Pascoe, Director of the National Cybersecurity Center of Excellence at the National Institute of Standards and Technology, as she opened the preconference Healthcare Cybersecurity Forum at HIMSS24 on Monday.

"Our mission dates all the way back to the U.S. Constitution as one of the original agencies," she told top healthcare cybersecurity leaders there to discuss the best cybersecurity practices and strategies to secure data and ultimately protect healthcare delivery.

She noted that the establishment of NIST was recently included in a recent Saturday Night Live sketch featuring George Washington, choosing the U.S. system of weights and measures. 

"NIST, in particular, has filled General Washington's dream by doing some really great work in the standardization space, including the development of the advanced encryption standard, which has now provided hundreds of millions of dollars of economic value to the United States, and enhanced security for all."

Pascoe's keynote at the Mitigating Cyber Threat Risks Across the Healthcare Enterprise: Strategies that Protect, forum stressed the importance of collaboration and she shared details about NIST's ongoing cybersecurity work and its impacts.

Collaboration in action

While NIST has expanded its work into all areas of cybersecurity as a nonregulatory agency, its success depends on collaboration with each sector it focuses on, she explained.

"Work that we really excel at is on working with communities, identifying kind of the significant challenges that the community is facing and then working with that community," Pascoe said, noting that NCCoE is working with "some of the best minds around the world to help identify solutions," to address the cyber risks they face.

In February, NIST updated its Cybersecurity Framework with Version 2.0 – a major overhaul. 

"The framework has existed for the past decade, which is really remarkable when you think about how much the cybersecurity landscape has changed in the past 10 years, the changes in technology and risk – and it really has endured." 

Key to that update was a collaboration with an international community of experts, said Pascoe.

"We worked with thousands of people that are using the framework – told us how they're using it, how it should be updated," she said. 

"And all of that is reflected in the newest version that we just released."

Pascoe also shared a slide showing the names of 34 healthcare organizations that signed cooperative research and development agreements with the agency.

In addition to developing NIST's newest framework – the AI risk management framework – over the next one to two years, the agency will be working to update its privacy framework and update to version 1.1, and she encouraged attendees to engage, since it is "meant to be stapled" to CSF and "used together."

Working to implement frameworks 

The NCCoE is a collaboration center, so "the goal is for NIST to not be the one to identify what's important, but for all of you to tell us what are the areas where there are still significant cybersecurity challenges that one company or one vendor alone cannot solve," said Pascoe.

To showcase how to secure a telehealth remote patient ecosystem – the total security architecture across healthcare delivery organizations, telehealth providers and patients – using NIST cybersecurity, privacy and risk management frameworks, the agency worked with the University of Mississippi Medical Center and Inova Health System. 

"Both are now using the work that we've developed at the center," said Pascoe.

"And not only are they using it internally within their own organizations, but they've also now developed guidance on how to provide additional tools for their patients to protect their security as well," she said.

The latest project NCCoE is taking up looks at both the security and privacy of genomic data. 

"It's one that has attracted attention from both Congress, as well as the White House, as well as many within the industry," she said.

Since there is not a lot of guidance on genomic cybersecurity, "it's a real gap that we hope to be able to fill with our work at the center," she said.

Working with the cybersecurity and privacy frameworks, the center will develop guidance specifically for genomic cybersecurity data.

"We're actually in a lab, working with equipment, working with standards, really trying to make this real so that the guidance that we create can be practical and actionable for the community to leverage," she said.

Advice to HIMSS24 attendees

NIST frameworks are a really powerful tool that can be leveraged by organizations to help reduce service, Pascoe said. 

"It's also very clear that business leaders need to be responsible for cybersecurity," she said.

"We love it when we see CEOs of organizations publicly talking about how they're using the NIST cybersecurity framework, how they have empowered their cybersecurity teams."

"It's also really clear that improving the security of technology products increases the security of healthcare."

When thinking about cybersecurity, organizations must look at it from a mission-specific risk – a business-specific risk – "especially because today, cybersecurity is something that affects every organization's mission," Pascoe said.

She also reminded attendees that while NIST frameworks are sector-neutral, tailored resources are available. Chief among them is the Healthcare Sector Coordinating Council's NIST cybersecurity framework implementation guide unveiled at HIMSS23 and updated last month, NIST's HIPAA cybersecurity resource guide.

Finally, she advised cyber forum attendees that, as they walk through the exhibitor hall at HIMSS24, to remember NIST's secure software development framework.

"As you walk around the vendor floor this week and see all of the different technologies that are available to you, I really want you to consider asking different companies, are you using the NIST secure software development framework?" 

"If not, walk away," and "If they say, hey, we're using NIST standards, ask them which one," she said.

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.

Topics: 
Government & Policy, HIMSS24, Interoperability, Privacy & Security, Telehealth

More regional news

UnitedHealth Group Optum building

Optum Virtual Care said to be closing down

By
Andrea Fox
April 26, 2024
Dr. Yinka Oyelese of Beth Israel Deaconess Medical Center on ultrasound AI

AI can make maternal ultrasonography more accessible, accurate and efficient

By
Bill Siwicki
April 26, 2024
John Halamka, president, Mayo Clinic Platform, and Arcadia president and CEO Michael Meucci with Kate Milliken

Prepare for success before deploying healthcare AI

April 26, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Dr. Yinka Oyelese of Beth Israel Deaconess Medical Center on ultrasound AI
AI & ML Intelligence
AI can make maternal ultrasonography more accessible, accurate and efficient

Most Read

HSCC publishes 5-year healthcare cybersecurity strategic plan
How virtual care is evolving beyond traditional applications – with a hand from AI
Healthcare is the big victim of Blackcat's cyber counteroffensive
Highmark works with Epic and Google to boost payer-provider data exchange
At the AI In Healthcare Forum, a chance to compare notes and learn from peers
A sense of urgency at the Healthcare Cybersecurity Forum

Research

White Papers

More Whitepapers

Compliance & Legal
Artificial Intelligence
Analytics

Webinars

More Webinars

Artificial Intelligence
Analytics
Analytics

Video

Adam McMullin at AvaSure_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Patient safety gets a boost from AI-powered virtual care
Sponsored by
John Halamka, president, Mayo Clinic Platform, and Arcadia president and CEO Michael Meucci with Kate Milliken
AI should augment, not replace, clinicians’ expertise
Jonathan Bush at Zus Health_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Independent patient data platform helps advance interoperability
Rachelle Landry at BD Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
How to help clinicians understand the value of digital health

More Stories

A radiologist examining X-ray images
National University Hospital launching AI-driven...
Heidi Wold at Longevity Health Plan_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Patients benefit from post-acute care
Wes Cronkite of TruBridge on AI
Highlighting rural voices is imperative for equitable, bias-free healthcare AI
Dr. Bill Frist and Larry Ellison
Oracle launches Autonomous Shield initiative, with eye on cloud cybersecurity
Clinicians consult a tablet
Patch management advice for fixing IoT vulnerabilities
Dr. Jesse M. Ehrenfeld, AMA president_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
AMA leader: Physicians must be the lodestar for IT innovation
Christine Antorini
Recognizing nursing as a calling: A key step toward enhancing workforce sustainability
One of Mercy Health's hospitals in Victoria
Role-based messaging's growing popularity in...