A healthcare cybersecurity task force mandated by Congress is establishing a set of suggestions that it expects will assist to counter the increasing cyber threats that are putting sufferer information at risk. Task force handles and tackles key healthcare cybersecurity issues.
Established by the Department of Health and Human Services in reaction to the Cybersecurity Information Sharing Act of 2015, the task force handles the cyber crime and is charged with investigating the healthcare’s challenges in securing information from hacker attacks and to analyze what best practices/lessons can be learned from other industries in how to successfully execute safeguards.
In accordance to Theresa Meadows, co-chair of the Health Care Industry Cybersecurity Task Force and CIO of Cook Children’s Health Care System, the panel’s twenty subject matter experts are drawn from a huge variety of agencies involving contributors, payers, pharmaceutical agencies, medical device manufacturers, Information technology vendors, and government agencies.
“We’ve representation from entire segments within healthcare so that we can have well-rounded discussions,” stated Meadows. “There is also a sufferer advocate on the task force.”
Meadows claimed that the task force handles the cybersecurty and had held several public and private meetings to date and will be “wrapping up its charge” early next year, after which it will report to Congress on its findings and suggestions.
Among the places that the task force handles the healthcare cybersecurity, it will be addressing the following things in its final report:
- Reviewing issues to secure networked medical devices and other software or networks that link to an electronic health record;
- Giving the HHS Secretary with data to disseminate to healthcare industry stakeholders to make better their preparedness for, and response to, cybersecurity threats; and
- Developing a plan to make a single system for the federal government to share actionable intelligence regarding cybersecurity threats to the healthcare industry in near real-period for no fee.
“Today, there is not a great mechanism for sharing data when cybersecurity problems occur,” analyzes Meadows. “Normally what happens is we hear through word of mouth or we see it in the media, but we do not really know what the cause was and so there is no way for us to be proactive in stopping these things in our agencies.”
With the rash of latest ransomware attacks on healthcare agencies, Meadows claims that the panel will also be taking a glance at how to secure health data from these kinds of file-encrypting malware. The risk of Ransomware is within the “scope of threat that people require knowing about and how to decrease, so we’ll put together some suggestions around that,” she adds.
When it comes to the susceptibilities of networked medical devices, Meadows points out that most of the devices presently in use at healthcare services are between 5 to 10 years old. The issue with these legacy medical devices is that “10 years ago nobody was thinking about security,” she states.
As Meadows points out, compared to other industries, healthcare’s cybersecurity atmosphere is distinctive which can be restricting in terms of potential safeguards that can be put in place.
“In banking, they can lock down everything because they do not have to worry about a physician requiring access to patient data,” she remarks. “That is a normal regular occurrence and if we lock up the information then care can’t be given. If physicians do not have access to medical records or lab results, that is a big deal. They have got to have access to the information at all times.”
“We have got to search a model that works for healthcare and yet perits us to provide care—and that is the delicate balance,” she concludes. “We are in a information gathering mode right now.”
No comments:
Post a Comment