The HHS Health Care Industry Cybersecurity Task Force issued a report to Congress last Friday. The lengthy document keys in on the current state of cybersecurity in the U.S. healthcare system and gives multiple recommendations for how to solve this ever-growing threat.
The 21 members of the task force found healthcare cybersecurity is “in critical condition.” Not only is there a severe lack of security talent in the sector, but many organizations are also running on legacy equipment.
Behavioral Health, Interoperability and eConsent: Meeting the Demands of CMS Final Rule Compliance
In a webinar on April 16 at 1pm ET, Aneesh Chopra will moderate a discussion with executives from DocuSign, Velatura, and behavioral health providers on eConsent, health information exchange and compliance with the CMS Final Rule on interoperability.
This isn’t altogether astonishing. There seems to be a new data breach in healthcare nearly every day. In fact, Protenus found there were 39 breach incidents in March alone, consisting of 1.5 million breached patient records.
To go about improving these security-related problems, the task force developed a list of six significant imperatives. The imperatives include:
- Defining and streamlining governance and expectations for cybersecurity
- Increasing the security of medical devices
- Creating the workforce capacity necessary to prioritize cybersecurity awareness
- Increasing readiness via cybersecurity awareness and education
- Finding ways to protect R&D efforts and intellectual property from attacks
- Improving information sharing of threats and weaknesses
The report goes on to chronicle a marathon list of more than 100 recommendations and action items, all of which fall under the six imperatives.
A Deep-dive Into Specialty Pharma
A specialty drug is a class of prescription medications used to treat complex, chronic or rare medical conditions. Although this classification was originally intended to define the treatment of rare, also termed “orphan” diseases, affecting fewer than 200,000 people in the US, more recently, specialty drugs have emerged as the cornerstone of treatment for chronic and complex diseases such as cancer, autoimmune conditions, diabetes, hepatitis C, and HIV/AIDS.
These recommendations include everything from creating a cybersecurity leader role within HHS to pursuing research into protecting healthcare big data sets. Other recommendations are securing legacy systems; establishing a Medical Computer Emergency Readiness Team (MedCERT); developing managed security service provider models; providing patients with information on how to manage their healthcare data; and providing security clearances for members of the healthcare community.
In addition to the report, Steve Curren, director of the division of resilience in ASPR’s Office of Emergency Management, succinctly summed things up in an HHS blog post, claiming the report “emphasizes that healthcare cybersecurity issues are patient safety issues, and calls for a collaborative public and private sector effort to protect our healthcare systems and patients from cyber threats.”
In an email sent to MedCity, an HHS spokesperson commented on the implications of the report:
HHS takes the issue of cybersecurity seriously and stopping malicious cyber activity like the recent “WannaCry” ransomware attack is a top priority. That is why HHS has led a broad strategy to enhance the Department’s cybersecurity to make our data and systems as safe as they can be and to support the private sector in preparedness and response to large breaches. We understand that patients may be concerned regarding recent cyber incidents. It is important to remember that the benefits of seeking care almost always outweigh any potential cybersecurity risk.
Despite all this talk, the question remains: Will we see these recommendations come to fruition? And if so, when?
Photo: Epoxydude, Getty Images
