NP Privacy Partner
Search Nixon Peabody's Data Privacy and Cybersecurity blog  Nixon Peabody on Twitter Nixon Peabody on YouTube
Subscribe:Nixon Peabody's Data Privacy and Cybersecurity blog  Nixon Peabody's Data Privacy and Cybersecurity blog
Share Print View
Task force warns of the critical condition of health care industry cybersecurity
On June 2, the Health Care Industry Cybersecurity Task Force submitted to Congress its Report on Improving Cybersecurity in the Health Care Industry, with warnings about the growing challenges of intentional and unintentional cyber incidents with our nation’s health care. The Task Force, a public-private partnership created by the Cybersecurity Act of 2015, stressed that “[n]ow more than ever, all health care delivery organizations … have a greater responsibility to secure their systems, medical devices, and patient data.”
As noted by the Task Force, the United States health care industry is a “mosaic,” including large health systems, single physician practices, public and private research payers, research institutions, medical device developers and software companies, and a diverse patient population. This mosaic creates challenges to uniformity in cybersecurity and barriers to improvements. Further, a “matrix of well-intentioned federal and state laws and regulations” must be understood, implemented and coordinated.
Too often, health care administrators and practitioners assume that their IT networks and devices are functioning without cybersecurity vulnerability and that their IT departments are the only focal points to address cyber concerns. Such passivity can have dangerous and drastic implications, as recent ransomware incidents have demonstrated that health care delivery organizations can be interrupted due to a system compromise.
The Task Force identified the following six high-level imperatives by which to organize its recommendations and action items to improve the health care industry’s cybersecurity:
1. Define and streamline leadership, governance and expectations for cybersecurity
2. Increase security and resilience of medical devices and health IT
3. Develop the health care workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities
4. Increase health care industry readiness through improved cybersecurity awareness and education
5. Identify mechanisms to protect research and development efforts and intellectual property from attacks and exposure
6. Improve information sharing of industry threats, weaknesses and mitigations
The recommendations include action items for implementation and identify key players to ensure their success. Most of all, the government and private health care sector must ensure that there are adequate resources and national collaboration in the face of ever-evolving cyber threats, which often specifically target the vulnerabilities of the health care industry due to the immediate impacts that disruptions can cause.


There are no comments yet for this post.
Items on this list require content approval. Your submission will not appear in public views until approved by someone with proper rights. More information on content approval.
* indicates a required field


Body *

Date *


Privacy Policy | Terms of Use and Conditions | Statement of Client Rights
This website contains attorney advertising. Prior results do not guarantee a similar outcome. © 2018 Nixon Peabody LLP
Sort by AttachmentsParentCategory