A federal task force called healthcare cybersecurity a “public health concern” that needs “immediate and aggressive attention,” and said increased digital connectivity places a greater responsibility on healthcare organizations to secure their equipment and patient data.
Last year was a record-breaking year for data breaches, and experts have predicted that the healthcare industry will increase cybersecurity spending in 2017. Threats to cybersecurity for healthcare facilities range from technical exploits such as ransomware to insider threats such as employee negligence. Both types of threats can potentially expose patient data and leave it susceptible to fraud and identity theft.
To address these and other challenges of cybersecurity for healthcare, Congress established the Health Care Industry Cybersecurity Task Force. In a recent report to Congress, the task force used information gathered from briefings, public meetings and expert consultations to identify six imperatives to help improve cybersecurity for healthcare as an industry:
- Define and streamline leadership, governance and expectations for healthcare industry cybersecurity – A single person should be responsible for coordinating cybersecurity activities within and outside of HHS.
- Increase the security and resilience of medical devices and health IT – Ensure that legacy systems are secured and track medical device vulnerabilities.
- Develop the healthcare workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities – Identify cybersecurity leadership within an organization with the authority and expertise to prioritize cybersecurity issues and initiatives.
- Increase health care industry readiness through improved cybersecurity awareness and education – Develop programs geared toward executives and boards of directors about the importance of cybersecurity education.
- Identify mechanisms to protect research and development efforts and intellectual property from attacks or exposure – Develop guidance for the healthcare industry and academia to evaluate cybersecurity risks for healthcare R&D.
- Improve information sharing of industry threats, weaknesses, and mitigations – Streamline the sharing of cybersecurity information and guidance to make it easier to use for small and medium-sized healthcare organizations.
The task force also identified best practices from the financial services and energy sectors, including conducting comprehensive information sharing and implementing baseline protections, such as patching systems against known vulnerabilities. It further recommended boosting communications and collaboration across the industry to educate portions of the sector that may not have had access to information about the latest threats to cybersecurity for healthcare organizations.