Physician credentialing and healthcare billing are two areas that can be dramatically improved by using AI technologies, said Harman Dhawan, CEO and founder of Bikham Healthcare, a revenue cycle management services firm that is applying AI to its services offerings.

Recent draft guidance from the Food and Drug Administration represents a game-changer in how the makers of medical devices should approach the cybersecurity of their products, say Axel Wirth and Vidya Murthy of medical device security firm MedCrypt.

The inclusion of a new secure product development framework for manufacturers is a most significant addition to recently updated federal draft guidance for the cybersecurity of premarket medical devices, says attorney Linda Malek of the law firm Moses & Singer LLP.

New Health Sector Coordinating Council guidance aims to help medical device makers improve their communications regarding security vulnerabilities in their products, says Matt Russo, a security leader at Medtronic and a member of the task group that developed the document.

Regulators should require all medical device makers to include a baseline of certain cybersecurity protections in their products and to build in a feature that allows safe vulnerability scanning of their devices, says researcher Daniel Bardenstein, a strategist at CISA.

With the surge of large health data breaches involving vendors, healthcare entities must take critical steps to improve their third-party security risk management, says John Delano, a CIO at AdventHealth, which operates 50 hospitals in nine states.

Many healthcare organizations that are up for renewals of cyber insurance policies are seeing big increases in premiums and a long list of new security requirements from their carriers, says Mac McMillan, who recently returned as CEO of the consultancy CynergisTek.

Connected health devices - ranging from health gadgets and applications used by consumers to IoT devices used in healthcare settings - raise numerous security and privacy issues that must be addressed, according to attorney Justin S. Daniels and consultant Jodi R. Daniels.

Several critical security vulnerabilities in the firmware of control panels powering current models of pneumatic tube system stations made by Swisslog Healthcare could allow attackers to gain control of targeted hospitals' tube networks, says Ben Seri of the security firm Armis, which discovered the flaws.

While the use of telehealth has surged during the COVID-19 pandemic, the data security and privacy concerns for both patients and healthcare providers have also increased, says cybersecurity strategist Kayne McGladrey.

The framework for how cyber insurance policies are designed for healthcare sector organizations is evolving, especially as more entities experience "high impact" ransomware incidents, says former healthcare CISO Sumit Sehgal.

The U.S. government should more closely collaborate with Big Tech companies to better respond to the surge in ransomware attacks and other cybercrimes hitting healthcare and other sectors, says crisis management and investigations attorney Bill Moran.

Evolving ransomware attacks pose a growing threat to the integrity of electronic health records, says Michael Hamilton, CISO at the security firm CI Security, who calls for heightened attention to EHR security.

With cyber incidents involving vendors - including cloud services providers - surging, healthcare entities must step up scrutiny of their business associates as well as those companies' subcontractors, says Thad Phillips, CISO at Baptist Health Care in Pensacola, Florida.

A recent Supreme Court ruling in a Facebook case offers important lessons to the healthcare sector, says regulatory attorney Paul Hales, who describes the case and its implications.

Attackers targeting the healthcare sector are frequently exploiting unprotected internet-facing databases and unsecured network devices, including "shadow IT," says David Sygula, a senior analyst at the security firm CybelAngel.

In a case study interview, Aaron Miri, CIO at The University of Texas at Austin, describes steps the organization is taking to streamline and automate third-party risk management at its various units, including its medical school and clinical practice.

In light of recent supply chain attacks, many organizations need to improve mitigation of the risks posed by their vendors, says Tony Cook, head of threat intelligence at GuidePoint Security.

Proposed changes to the HIPAA Privacy Rule could weaken patient data privacy protections, say Rita Bowen and Zachary Perry of the Association of Health Information Outsourcing Services, who explain why in this joint interview.

Third-party software component vulnerabilities in medical devices are among several cyber-related health technology hazards posing significant risks to healthcare entities and their patients, say researchers Chad Waters and Juuso Leinonen of ECRI, a not-for-profit patient safety organization.