
How the NIST CSF 2.0 Can Help Healthcare Sector Firms

Robert Booker of HITRUST on Managing the Risk Life Cycle
Robert Booker, chief strategy officer, HITRUST

The National Institute of Standards and Technology's updated Cybersecurity Framework 2.0 can help healthcare organizations better formalize their governance functions to enhance their cybersecurity posture and resilience, said Robert Booker, chief strategy officer at HITRUST.

"Healthcare companies have traditionally been so laser-focused on HIPAA - at least in the security perspective, the HIPAA Security rule - that they oftentimes look at frameworks like the NIST Cybersecurity Framework and others as ancillary," he said.

"What NIST has done, and continues to do, is to understand from an organizational and a practical perspective how organizations look at their cybersecurity programs," he said.

The update to the NIST CSF provides a broader framework for healthcare sector firms to extend their mapping from both the front and the back ends of a security life cycle and to take recent threat trends into consideration, Booker said.

"I almost think of it as an NFL football game," he said. "It allows us to be tailored and relevant to the facts that we're facing right now."

HITRUST, formerly called the Health Information Trust Alliance, is best known for its Common Security Framework, which is used for health and financial information.

In this audio interview with Information Security Media Group, Booker also discussed:

  • How the NIST CSF 2.0 compares with the HITRUST CSF and HITRUST's approach to cyber risk management;
  • A recent HITRUST companion document that provides guidance for leveraging the HITRUST approach in implementing the NIST CSF 2.0 in many critical infrastructure sectors including healthcare;
  • Considerations in mapping the HIPAA Security Rule with the new NIST CSF 2.0 program.

Booker recently retired after spending 13 years as CISO of a large health insurer. He previously served at a multinational telecommunications company, leading and supporting information security programs and initiatives for numerous global enterprises in the pharmaceutical and consumer products sectors.
