Health Care Cybersecurity is in “Critical Condition”
The Health Care Industry Cybersecurity Task Force issued a report to Congress that addresses the current state of cybersecurity in the U.S. healthcare system and offers a number of recommendations to address the ever-growing industry threat. The Task Force found that healthcare cybersecurity is in critical condition: not only is there a severe lack of security talent in the sector, but many organizations are also running on legacy equipment. Notably, breach incidents have been averaging one per day. The Task Force recognized that the industry was moving towards modernizing its IT systems and building security, but much remains to be done. The report notes that three out of four hospitals do not have a designated security person and have been forced to get creative to meet their security needs. The Task Force identified six imperatives:
- Define and streamline governance and expectations for cybersecurity.
- Increase the security of medical devices.
- Create the workforce capacity necessary to prioritize cybersecurity awareness.
- Increase readiness via cybersecurity awareness and education.
- Find ways to protect R&D efforts and intellectual property from attacks.
- Improve information sharing of threats and weaknesses.
The report provides more than 100 recommendations and action items, all of which fall under the six imperatives. The items listed include:
- Create a healthcare-specific cybersecurity framework.
- Establish an HHS cybersecurity leader role to pursue research into protecting healthcare big data sets.
- Secure legacy systems.
- Establish a Medical Computer Emergency Readiness Team (MedCERT).
- Develop managed security service provider models.
- Provide patients with information on how to manage their healthcare data.
- Provide security clearances for members of the healthcare community.
Looking for Help with Your Cybersecurity Compliance?
Strategic Management Services has compliance experts with years of experience designing healthcare-specific compliance programs. If you have questions regarding the effectiveness of your cybersecurity measures, give us a call at (703) 683-9600 or contact us online.