Skip navigational links

Health Care Cybersecurity

Cybersecurity is one of the top compliance and operational challenges facing the health care industry. As reliance on health information technology grows, cyber criminals increasingly target the lucrative data that health care systems maintain. An effective cybersecurity program is essential to preventing, detecting, and mitigating this ever-evolving threat.
This content collection includes resources developed for AHLA educational events and publications, as well as useful resources available to the public, to help address the challenges that cybersecurity poses for the health care community. 

AHLA Resources

March 2017 - Hacking of Medical Devices Is No Longer Just an Outlandish Movie Plot, Erica Mallon (*access restricted to AHLA members)

March 2017 - Think Outside the Breach: Six Legal Issues to Consider After Responding to a Cybersecurity Incident, By Kristin J. Jones and Jana M. Landon (*access restricted to AHLA members)

January 2017 - Your Money or Your Data: Ransomware & Modern Health Information Technology, Leonardo Tamburello (*access restricted to AHLA members)

January 2017 - Top Ten Health Law Issues 2017--The Rise of Ransomware, Jon Neiditz

June 2016 - Is Your Organization Ready for a High-Profile Patient?, Ann G. Taylor, B. Moses Vargas, and Jennifer Stevens (*access restricted to AHLA members)

April 2016 - Ransomware: Coming to a Health Care Organization Near Your, Patricia Hughes, Michaela D. Poizner, and Karina C. Smuclovisky, sponsored by the Enterprise Risk Management Task Force (*access restricted to sponsoring PG)

March 2016 - FDA Recommends Medical Device Manufacturers Implement a Comprehensive Cybersecurity Risk Management Program in Accordance with NIST Standards - Shilpa Prem and Kim Tyrrell-Knott, sponsored by the Life Sciences and Health Information and Technology Practice Groups (*access restricted to sponsoring PGs)

February 2016 - Top Ten Health Law Issues 2016 - Cybersecurity, Jennifer L. Rathburn and Jennifer J. Hennessy

December 2015 - Class-Action Waivers and Arbitration Clauses in HIPAA/Data Security Disputes, Paul E. Knag

November 2015 - Insurance Coverage for Health Care Cyber Risks, Arden B. Levy, sponsored by the Health Care Liability and Litigation Practice Group

October 2015 - From the Internet to the Boardroom: Health Care Director Oversight of Cybersecurity, Kirstin Salzman and David Solberg, sponsored by the Business Law and Governance, Academic Medical Centers and Teaching Hospitals, Health Care Liability and Litigation, Health Information and Technology, Hospitals and Health Systems, and Physician Organizations Practice Group.

September 2015 - Manage Security Risks Now to Avoid a Hack(neyed), Post-Data Breach Response, Patricia A. Markus and Ken Miller

February 2015 - Increasing Risk of Theft of Health Care Information, Diane Felix

February 2015 - Top Ten Health Law Issues 2015 - Big Data in Health Care, Kristen Rosati

February 2015 - Google Glass and Health Care: Initial Legal and Ethical Questions, Nicolas P. Terry, Chad S. Priest, Paul P. Szotek

October 2014 - Offshoring Health Information: Issues and Lingering Concerns, Allen Briskin, Lisa C. Earl, Gerry Hinkley, and Joseph E. Kendell 

August 2014 - Cybersecurity and the Health Care Board, Michael W. Peregrine and Edward G. Zacharias

June 2014 - Ten Privacy and Security Tasks for Counsel, Adam H. Greene

April 2014 - Encrypting Email Within Your Health Care Organization: A Practical Guide, Alaina Crislip, sponsored by the Health Information and Technology Practice Group

April 2014 - BYOD Policies and Procedures: Keeping Pace with Technology and Keeping Patient Information Safe, Andrea Musker, sponsored by the Health Information and Technology Practice Group


Public Resources

National Institute of Standards and Technology (NIST): Framework for Improving Critical Infrastructure Cybersecurity Framework

Office for Civil Rights (OCR): HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework 

OCR: Enforcement Numbers at a Glance

OCR: Fact Sheet, Ransomware and HIPAA

U.S. Government Interagency Technical Guidance: How to Protect Your Networks from Ransomware

Health Information Trust Alliance (HITRUST): Health Care Sector Cybersecurity Framework Implementation Guide 

Department of Health and Human Services (HHS), Technical Resources, Assistance Center, and Information Exchange (TRACIE): Cybersecurity Resources

Office of the National Coordinator for Health Information Technology (ONC): Security Risk Assessment Tool

ONC: Cybersecurity: A Shared Responsibility

Food and Drug Administration (FDA) Draft Guidance: Postmarket Management of Cybersecurity in Medical Devices

FDA: Premarket Management of Cybersecurity in Medical Devices

Call for Resources

AHLA is interested in expanding our Health Care Cybersecurity content collection. Please email suggestions for cybersecurity resources to add to our collection or proposals for developing new resources in this area to Bianca Bishop at
© 2018 American Health Lawyers Association. All rights reserved. 1620 Eye Street NW, 6th Floor, Washington, DC 20006-4010 P. 202-833-1100 F. 202-833-1105