Cybersecurity Expert Witness
When WannaCry ransomware harms the patients of health care providers or members of a health plan, litigation raises questions. Were all measures taken to protect the plaintiff’s information? Either plaintiff or defendant may retain a cybersecurity expert witness.
WannaCry ransomware increased focus on securing health data. By raising the visibility of the security issue, the WannaCry ransomware cyberattack causes the healthcare industry to focus on best practices, processes, and technologies.
WannaCry is a global development. It displays its ransom in English, Chinese, and other languages. In the past, cybersecurity efforts focused on generic approaches. In healthcare, specific standards embody best practices to protect against ransomware.
A cybersecurity expert witness must know principles, generally accepted standards, industry best practices and guidelines.
Cybersecurity is “…the body of technologies, processes, practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access…” Cybersecurity is also referred to as “information technology security”.
As a result, the focus should be on protecting software, computers, and the networks that carry data between them.
In addition, protection from unauthorized access, change, or destruction is part of the best practices strategy. The field of cybersecurity also offers best practices for endpoint security, threat intelligence, and incident response.
Cybersecurity in Healthcare
A cybersecurity expert witness should understand and communicate the key components of preventing a breach. Breaches in healthcare cybersecurity are often HIPAA breaches. This is because healthcare information is protected under the Health Information Portability and Accountability Act (HIPAA) of 1996.
HIPAA has both a Privacy Rule and a Security Rule. These statutes have specific mandates for the protection of health information. The American Recovery and Reinvestment Act (ARRA) of 2009 presented new mandates. These are found in Title XIII of ARRA (Pub.L. 111–5).
Furthermore, the Health Information Technology for Economic and Clinical Health Act, or HITECH Act, creates new responsibilities. Any HIPAA Covered Entity that received stimulus funds is also accountable to HITECH standards.
Eligible Hospitals (EHs) or Eligible Professionals (EPs) receive a carrot and a stick for moving from paper to Electronic Health Records.
It is noteworthy that new regulations propose to end the Meaningful Use stimulus funds. The HIPAA Privacy Rule and HIPAA Security Rule continue. The HITECH Act information safeguards also continue. At this time, there are proposed changes to Meaningful Use.
These changes do not offer any new provisions for cybersecurity, fending off hackers, or ransomware. In the future, HIPAA Covered Entities, as well as their patients and insureds, need to take all reasonable steps to ensure the privacy and security of their information.
WannaCry U.S. Health and Human Services
As the WannaCry attack spread, the Trump Administration’s Health and Human Services set up provider calls to help. HealthcareIT News reported that HHS held calls that more than 2,500 people attended.
Cybersecurity Expert Witness Must Understand WannaCry with respect to HITECH and HIPAA
In our experience, even large Covered Entities don’t have all of the resources under one roof. Compliance and security threat management require outside expertise to complement an internal team.
A cybersecurity expert witness should understand that the HITECH Act and the HIPAA Privacy and Security Rules together combat ransomware attacks such as WannaCry.