The US Biden-Harris Administration has published a summary of report on the open source-software security initiative (OS3I), building on commitments made in the National Cybersecurity Strategy to “invest in the development of secure software, including memory-safe languages and software development techniques, frameworks, and testing tools”.
The White House also highlighted the launch of the Open-Source Software Prevalence Initiative, designed to advance “national understanding of the distribution of use of open-source software components in critical infrastructure” and strengthen security within the open-source software ecosystem.
As part of the report, the administration details a total of 12 activities to be completed in 2024-25, including advancing research and development; partnering with open-source communities; strengthening the software supply chain; advancing training education; advancing public-private partnerships; and assigning “vulnerability severity metrics”.
This latest cybersecurity update follows a spate of hospital cybersecurity events to have taken place in the US over the last few months, including the Ascension cybersecurity event which resulted in a loss of access to patient portals and electronic health records; and the cyber incident at Change Healthcare which had a “widespread impact on patients and health care providers nationwide” prompting the US Department of Health and Human Services’ Office for Human Rights to open an investigation.
At the end of last year, we covered the publication of the US Department of Health and Human Services’ concept paper on healthcare cybersecurity, which outlined improvements including health sector-specific cybersecurity goals, the incentivising of cybersecurity practices, greater enforcement and accountability, and the expansion of HSS’s “one-stop shop” for cybersecurity support.
In February, we also highlighted some of the key findings from the WHO’s report on the threat of cyber-attack and disinformation on healthcare, which highlighted the “digital dependence” of global healthcare systems, the sensitive nature of data stored, and “inadequate security” in the health sector as outlining health as a “prime target” for cyber criminals.
- 1
- 2
