The National Institute of Standards and Technology (NIST) is set to release a new cyber security framework that was previously available only to the federal government. The framework was originally created to help organizations understand, select and implement security controls, and is essentially a very large database of potential data breaches that could occur and how to prevent and mitigate them. The updated version arrives during a technological boom: NIST fellow Ronald Ross admits that technology is advancing much more quickly than most healthcare organizations can keep up with, and that this release is an attempt by NIST to alleviate that problem.
Ross acknowledges that many issues, such as those involving company operating systems or databases, can be out of the victim’s control, and that as such the best bet is usually to trust patch vendors like Microsoft or Oracle. Ross describes the effectiveness of patching this way: “When you fly on an airplane or cross a bridge, you do so because you trust the airplanes we fly and the bridges we cross, you have confidence in the people who designed and built them.” He also urges companies to use the released framework, saying that “We can build and deploy systems that we can trust, too, in a hospital environment, so the systems can better withstand cyberattacks, are more penetration-resistant, and limit the damage an adversary can do if an attack comes through the perimeter.”