There are probably few topics that health system directors are more tired of hearing about than cybersecurity oversight obligations. But general counsel may need to return to that topic one more time, given the release of a new "best practices" compilation.
Recently, the National Association of Corporate Directors (NACD) issued its new resource, "NACD Director's Handbook on Cyber Risk Oversight.” Key topics covered include (i) the proper allocation of cyber risk responsibilities at the board level; (ii) the legal implications related to cybersecurity; (iii) board-to-management expectations on cybersecurity processes; and (iv) improving dialogue between the board and management on cybersecurity matters.
The release of the newest NACD guidelines is a reminder of how quickly and significantly the technological, regulatory enforcement and fiduciary duty landscape is changing in the area of cybersecurity—especially in health care. The general counsel (perhaps teaming with the chief information officer) might use the release as a prompt to revisit the continued effectiveness of current board cyber risk oversight processes.