October 19, 2021

Volume XI, Number 292

Advertisement
Advertisement

October 19, 2021

Subscribe to Latest Legal News and Analysis

October 18, 2021

Subscribe to Latest Legal News and Analysis
Advertisement

Executive Order Addressing Cybersecurity Amidst FBI Uproar

Surprisingly amidst the Federal Bureau of Investigation (FBI) uproar, President Trump today signed an executive order addressing cybersecurity for the federal government and critical infrastructure, along with international coordination and cyber deterrence. The substance of the order, which is about to be made public, comes from various press releases and interviews with administration officials. The order is composed of three sections on cybersecurity and IT modernization within the federal government, protecting critical infrastructure, and establishing a cyber deterrence policy and coordinating internationally on cyber issues. In directing cabinet agencies to protect critical infrastructure, the order references the Obama administration’s “section 9” list of most critical entities, which already has prompted questions from industry.  Specifically, the order directs the Commerce Department and the Department of Homeland Security to coordinate an effort to reduce botnet cyber-attacks through a voluntary partnership with industry. This effort mirrors health industry association comments to Commerce’s National Institute of Standards and Technology (NIST), which next week will have an open forum to address the many comments made to its  rulemaking proposals. Interestingly, the Order directs the cabinet agencies to coordinate their own efforts with NIST.  The White House staff has been quoted as saying that “it is about time” the federal government was held to the same standard as private industry in addressing cybersecurity. Consistent with Industry requests, the framework is a voluntary tool actually developed in collaboration with industry, which argues that flexibility is required because policies must be adapted to the needs of different entities.

On the health care cyber front, it is interesting to note that James Comey’s last formal speech was given on May 8th to the American Hospital Association in which he raised concerns about the ability of the FBI to combat cyber-attacks and urged cooperation with hospitals and health systems not to get patient records but “fingerprints of digital intrusion.” I note that this is the point of the work of InfraGard, a cooperative effort between industry and the FBI, and is consistent with the public proposals of the Information Sharing and Analysis Organization Standards Organization (ISAO-SO), established by executive order. 

Comey’s abrupt departure suggests that his statements may quickly become passing memories, but the cooperative tone struck is more than a little inconsistent with proposals, for example, from the Department of Health & Human Services’ Office of Civil Rights (OCR), the enforcement agency for Health Insurance Portability and Accountability Act (HIPAA) matters, and from the Federal Trade Commission (FTC), which soon may inherit enhanced powers as the Federa l Communications Commission is attempting to leave the cyber security enforcement field.  Both the Office of Human Rights and the FTC stress enforcement as the optimal mode of gaining cyber compliance.

©2021 Epstein Becker & Green, P.C. All rights reserved.National Law Review, Volume VII, Number 131
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Stuart Gerson, Health Care Attorney, Epstein Becker Law Firm
Member of the Firm

STUART M. GERSON is a Member of the Firm in the Litigation and Health Care & Life Sciences practices, in the firm's Washington, DC, and New York offices. Much of Mr. Gerson's practice has been centered on providing representation to clients in the health care industry (including insurers, hospitals, pharmaceutical manufacturers, managed care providers, and private equity funds, among others). He has extensive experience litigating cases involving the cybersecurity of health care information, trade secrets, and other confidential data as well as civil...

202-861-4180
Advertisement
Advertisement
Advertisement