On the Record: HCIC Task Force Report to Congress
First WannaCry and now Petya. These recent global attacks are not just big headlines, but big risks as well. They demonstrate how cybercrime is moving beyond data theft and ransomware. The Petya attack is about organizational “disruption and destruction” and highlights a new type of threat – in healthcare and other industries. West Virginia-based Princeton Community Hospital¹ was hit by, and is now recovering from, Petya.
These two high-profile attacks are wake-up calls. Cybercrime continues to be ever more sophisticated and disruptive. The healthcare industry remains a prime target and experiences more breaches than any other industry. According to a 2017 Ponemon study, healthcare data breach costs have been the highest compared to all other industries for seven straight years.
It’s timely that the Health Care Industry Cybersecurity (HCIC) Task Force released its report on Improving Health Care Industry Cybersecurity to Congress in June. HCIC was established as a result of the Cybersecurity Act of 2015. The task force has brought public and private sector subject matter experts together in order to address industry security challenges.
Health care organizations must secure their systems, medical devices, and patient data. At the same time, they face significant resource constraints and small operating margins. It is in this context that the HCIC report highlights six imperatives, along with recommendations for best courses of action to make organizational cybersecurity improvements.
- Define and streamline leadership, governance and expectations for healthcare industry cybersecurity.
- Increase the security and resilience of medical devices and healthcare IT.
- Develop the healthcare workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities.
- Increase healthcare industry readiness through improved cybersecurity awareness and education.
- Identify mechanisms to protect R&D efforts and intellectual property from attacks or exposure.
- Improve information sharing of industry threats, risk, and mitigation.
While some or all of the recommendations and actions may already be a part of your security strategy, the report is well worth the read. Its submission to Congress is of value to the industry. Organizations such as HIMSS, AHA and CHIME are having a positive reaction to the report’s recommendations. The details of these imperatives may be helpful in educating CIOs, CISOs and others in order to get funding for your high priority security projects.
WannaCry and Petya are the latest wake-up calls to healthcare security and risk managers. For some time now we’ve been writing about these challenges, especially when it comes to the proliferation of medical IoT devices (IoMT). We’ve also posted industry recommendations and our own on how to best secure them.
When it comes to addressing the HCIC recommendation to “increase the security and resilience of medical devices”, Great Bay Software leads the way. Solving the IoMT device security challenges starts with real-time device discovery and visibility. Read our report: Minimizing Network Security Risks Created by Medical Devices to learn more.
1: Source: http://www.healthcareitnews.com/news/west-virginia-hospital-replaces-computers-after-petya-cyberattack