June 9, 2017 4:57 am
Health records possess a wealth of critical information, and the ability of healthcare professionals to quickly access them can be vital to ensuring positive patient outcomes. However, these records also contain information that is valuable to cyber criminals.
Data gathered by the healthcare industry for the good of their patients also are targeted by nefarious people for fraud, intentional disruption, data ransoming, corporate espionage, and financial crimes. All of these cyber threats are capable of triggering emergencies with the potential to impact patient care and public health as we saw with the recent ransomware incident that struck hospitals, clinics, and other systems across the globe.
The federal government takes these threats very seriously. That is why HHS focused in two primary areas of cybersecurity during the recent global ransomware attack: protection of HHS systems and coordination with our private sector partners to help protect their systems as well.
More broadly, HHS has led a strategy to enhance cybersecurity within the Department and in the healthcare and public health sector. Through our Healthcare and Public Health Critical Infrastructure Protection partnership and via grants to the National Health Information Sharing and Analysis Center, HHS is improving the process for sharing information about cyberthreats and partnering with other government agencies and the healthcare and public health sector on cybersecurity activities, including cybersecurity risk management and preparedness. HHS is also in the process of establishing new mechanisms to drive healthcare-relevant cyber indicators, briefings, and actionable intelligence to and from a wide variety of stakeholders, both public and private.
Last year HHS established the Health Care Industry Cybersecurity Task Force following the passage of the Cybersecurity Act of 2015. The Task Force was composed of government and private industry leaders who are innovators in technology and leaders in healthcare cybersecurity. The Task Force held public meetings and consulted with other experts over the past year in order to develop recommendations to address the growing challenge posed by cyberattacks.
Today, the Task Force issued their findings to Congress that demonstrate the urgency and complexity of the ever-changing cybersecurity risks facing the healthcare industry. Their report emphasizes that healthcare cybersecurity issues are patient safety issues, and calls for a collaborative public and private sector effort to protect our healthcare systems and patients from cyber threats.
Today, much of healthcare is delivered by smaller practices and rural hospitals that may not have the resources to protect against these threats. Unfortunately, these organizations often do not possess the infrastructure to identify and track threats, lack the technical capacity to analyze the threat data they receive in order to quickly translate it into actionable information, and lack the capability to act on that information.
The Office of the Assistant Secretary for Preparedness and Response understands that healthcare facilities are facing these challenges right now and we have developed a collection of peer-reviewed resources on cybersecurity to help healthcare industry stakeholders better protect against, mitigate, respond to, and recover from cyber threats, in order to better defend patient safety and operational continuity.
As called for by the Cybersecurity Information Sharing Act of 2015 the HHS Secretary is sharing educational materials on cybersecurity, including the Task Force’s report and appendix, with industry stakeholders to improve preparedness for and response to cybersecurity threats. The Health Care Industry Cybersecurity Task Force’s report contains valuable recommendations to help improve cybersecurity throughout the healthcare sector that ultimately could better protect patient care and public health.