Jul 11


On the Record: HCIC Task Force Report to Congress

By Great Bay Software

First WannaCry and now Petya. These recent global attacks are not just big headlines but big risks as well. They demonstrate how cybercrime is moving beyond data theft and ransomware. The Petya attack is about organizational “disruption and destruction” and highlights a new type of threat – in healthcare and other industries. West Virginia-based Princeton Community Hospital [1] was hit by, and is now recovering from, Petya.

These two high-profile attacks are wake-up calls. Cybercrime continues to grow more sophisticated and disruptive. The healthcare industry remains a prime target and experiences more breaches than any other industry. According to a 2017 Ponemon study, healthcare data breach costs have been the highest of any industry for seven straight years.


It’s timely that the Health Care Industry Cybersecurity (HCIC) Task Force released its report on Improving Health Care Industry Cybersecurity to Congress in June. HCIC was established as a result of the Cybersecurity Act of 2015. The task force has brought public and private sector subject matter experts together in order to address industry security challenges.


Health care organizations must secure their systems, medical devices, and patient data. At the same time, they face significant resource constraints and small operating margins. It is in this context that the HCIC report highlights six imperatives, along with recommendations for best courses of action to make organizational cybersecurity improvements.


  1. Define and streamline leadership, governance and expectations for healthcare industry cybersecurity.
  2. Increase the security and resilience of medical devices and healthcare IT.
  3. Develop the healthcare workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities.
  4. Increase healthcare industry readiness through improved cybersecurity awareness and education.
  5. Identify mechanisms to protect R&D efforts and intellectual property from attacks or exposure.
  6. Improve information sharing of industry threats, risk, and mitigation.

While some or all of the recommendations and actions may already be a part of your security strategy, the report is well worth the read. Its submission to Congress is of value to the industry. Organizations such as HIMSS, AHA and CHIME are having a positive reaction to the report’s recommendations. The details of these imperatives may be helpful in educating CIOs, CISOs and others in order to get funding for your high priority security projects.


WannaCry and Petya are the latest wake-up calls to healthcare security and risk managers. For some time now we’ve been writing about these challenges, especially when it comes to the proliferation of medical IoT devices (IoMT). We’ve also posted industry and our own recommendations on how to best secure them.


When it comes to addressing the HCIC recommendation to “increase the security and resilience of medical devices”, Great Bay Software leads the way. Solving the IoMT device security challenges starts with real-time device discovery and visibility. Read our report: Minimizing Network Security Risks Created by Medical Devices to learn more.


Healthcare IT: 7 Challenges to protecting ePHI Data

3 Major Benefits of Micro Segmentation in Healthcare

Why the Healthcare Industry is the Top Target for Data Breaches

Minimizing Network Security Risks Created by Medical Devices Whitepaper

1: Source: http://www.healthcareitnews.com/news/west-virginia-hospital-replaces-computers-after-petya-cyberattack

