Search This Blog

Powered by Blogger.

Blog Archive

Labels

Rising Healthcare Cyberattacks: White House Contemplates Response

Health and Human Services has multiple potential avenues to regulate cybersecurity within its purview, making it distinct among federal agencies.

 

Amidst a continuous stream of cyberattacks targeting the healthcare sector, leading to disruptions in hospitals and patient care, the Biden administration is taking a measured approach in formulating regulations to bolster the industry's cybersecurity defenses.

Andrea Palm, Deputy Secretary of Health and Human Services, stated that they are thoroughly exploring various options to ensure a comprehensive advancement of this agenda. The department oversees several critical aspects of healthcare cybersecurity, including incident preparedness, certification of health IT vendors, and compliance with data security and privacy regulations.

Health and Human Services has multiple potential avenues to regulate cybersecurity within its purview, making it distinct among federal agencies. It remains uncertain if internal disagreements on the right approach or the need for additional resources are delaying the development of healthcare cyber regulations.

During a recent cybersecurity roundtable with industry leaders, representatives from hospital associations and cybersecurity groups discussed concerns and ways for the government to address security gaps that have fueled ransomware attacks. One prevalent concern was the vulnerability of rural hospitals, underscoring how their cybersecurity shortcomings pose a risk to the entire industry.

Many rural hospitals lack specialized IT or cybersecurity staff, and even when present, executives may not be equipped to ask the right questions. To assist these facilities, suggestions included launching regional training programs or "boot camps" for rural hospital leaders.

Mark Jarrett of Northwell Health emphasized the importance of integrating cybersecurity discussions into patient care dialogues, suggesting that it should become a routine part of safety rounds in hospitals. Additionally, Mari Savickis urged the federal Centers for Medicare & Medicaid Services to incorporate cybersecurity into billing discussions with doctors.

Health and Human Services has collaborated with the Cybersecurity and Infrastructure Security Agency (CISA) to address cybersecurity concerns in the healthcare sector. CISA has identified hospitals as one of three priority communities with highly vulnerable targets. Nitin Natarajan, CISA's Deputy Director, emphasized the significance of cybersecurity in safeguarding patient safety.

However, a major challenge remains: how to make cybersecurity upgrades viable for the numerous small, under-funded medical providers across the U.S. One proposed solution is for larger hospital systems to directly offer cybersecurity services to smaller institutions in their regions, possibly with the aid of federal grants. This approach is being discussed, but no specific endorsement has been made yet.

Natarajan stressed that the industry should not solely rely on federal funding for this substantial undertaking, emphasizing the need for a collaborative effort to mitigate cybersecurity risks effectively.
Share it:

Cyber Security

Cyber Threats

Healthcare cybersecurity

patient data protection

regulatory measures

White House response