Implementing effective strategies and safeguards to address cybersecurity threats is a challenge for any industry, but the size and scope of attacks on health care information systems have grown rapidly in the past two years. Health care data can be used for to commit fraud or identity theft. It can also be used to disrupt of hospital systems. Connected medical devices with cybersecurity vulnerabilities left unaddressed could pose a risk to patient safety. Security of health care data and medical devices is essential to protecting patients and providing them with the highest level of care.
The Health Care Industry Cybersecurity Task Force is looking for your input to help improve cybersecurity across the industry. The Task Force is working to help identify risks, gaps, challenges, and best practices related to cybersecurity issues in the health care sector.
If you have an interest and expertise in health information technology, please help us better understand how you evaluate and mitigate risks related to cybersecurity in the health care sector and what gaps you think still remain.
Please take a few minutes to answer any or all of the following questions in comment to this blog. We are working to stimulate discussion and share the best ideas, so your responses may be made public. Please do not include any propriety, personal/private, sensitive, or confidential information.
Enhancing cybersecurity in the health care sector can help reduce risks for the industry and give patients peace of mind. The Task Force will use these inputs to augment its work and to support the broader goals of gathering information to disseminate to health care industry stakeholders; creating a single system for the Federal Government to share actionable cyber threat information; and developing the final report to Congress.
The Health Care Industry Cybersecurity Task Force was established by the U.S. Department of Health and Human Services in March 2016 per the Cybersecurity Information Sharing Act of 2015. The Secretary of Health & Human Services, in coordination with the Department of Homeland Security and the National Institutes of Standards and Technology, selected a broad array of expert representatives from the Federal Government, private sector health care organizations, other public and private sector experts on information technology and cybersecurity.
The Task Force holds monthly meetings to review its progress and identify concerns and practices both internal and external to the health care sector. The Task Force opens its meetings to the public on a quarterly basis. During the April and July meetings the Task Force received briefings from Federal leadership about the importance of cybersecurity for the health care sector, gained insight about the processes and best practices of other sectors, and reviewed the results of cybersecurity exercises and medical device workshops.
As Acting Assistant Secretary Mary K. Wakefield has indicated when she announced the formation of the Task Force, we need to protect the data that is at the foundation of our health care system. With your input, we hope to do that more effectively and find more efficient ways for the industry as a whole to protect health care information.