WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the United Kingdom’s National Cyber Security Centre (NCSC–UK), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) released an advisory today with cybersecurity best practices for information and communications technology (ICT), focusing on enabling transparent discussions between managed service providers (MSPs) and their customers on securing sensitive data.

Severe disasters impose additional challenges on health care providers. Often questions arise about the ability of entities covered by the HIPAA regulations to share individuals’ health information, including with friends and family, public health officials, and emergency personnel. As summarized in more detail below, the HIPAA Privacy Rule allows patient information to be shared to assist in disaster relief efforts, and to assist patients in receiving the care they need. In addition, while the HIPAA Privacy Rule is not suspended during a public health or other emergency, the Secretary of HHS may waive certain provisions of the Privacy Rule under section 1135(b)(7) of the Social Security Act.

The Confidentiality Coalition and the Workgroup for Electronic Data Interchange has sent a letter to the secretaries of Commerce and Health and Human Services voicing concerns about the potential misuse of patient health information by unregulated third-party applications.

Top U.S. officials are ramping up their warnings about possible Russian cyberattacks on critical infrastructure as the war in Ukraine escalates. In an interview with “60 Minutes” on CBS, Deputy Attorney General Lisa Monaco and Cybersecurity and Infrastructure Security Agency Director Jen Easterly discussed the threats they’re seeing and the various ways their respective agencies are preparing for potential Russian cyberattacks.