It should come as no surprise that health care cybersecurity is one of the most pressing issues in the industry in 2019. With several high-profile data breaches making headlines last year, a Senator from Virginia, Mark Warner, is asking Congress to step in and provide guidance.
Senator Warner’s position as co-chair of the Senate Cybersecurity Caucus has helped open his eyes to the growing threat of cybersecurity issues in the health care industry and prompted him to ask for help from the federal government and other heavyweights in the health care industry. Agencies he has reached out to include the Food and Drug Administration, Department of Health and Human Services, Centers for Medicare and Medicaid Services and the National Institute of Standards and Technology, as well as a dozen health care trade associations including the American Hospital Association, American Medical Association, the Federation of American hospitals, America’s Health Insurance Plans, the Healthcare Leadership Council, AdvaMed and others.
Specifically, Warner is addressing how increased use of information technologies can improve the quality of care, expand access to care and reduce costs, but stressing that these have come with a price – an increased vulnerability to cyberattack. “As we welcome the benefits of health care technology,” he writes, “we must also ensure we are effectively protecting patient information and the essential operations of our health care entities.” His letters to these institutions seek answers to nine questions regarding the steps being taken to reduce the threat of cyberattacks, updated inventory of all connected systems, appropriate patch management programs, efforts to develop in-house cyber technical expertise, changes in laws to improve prevention of cyberattacks and feedback on ideas for the creation of an industry-wide plan to improve cybersecurity.
“It is my hope that with thoughtful and carefully considered feedback we can develop a national strategy that improves the safety, resilience and security of our health care system,” Warner says.
In the meantime, all we can do is practice vigilance when it comes to protecting sensitive patient data and reinforcing the need to train our personnel to help reduce the threat of attack at the local level.