Health Care Industry Cybersecurity Task Force Report

The latest report from the Health Care Industry Cybersecurity Task Force provides information on how cybersecurity can affect patient safety.

In June 2017, the Health Care Industry Cybersecurity Task Force introduced multiple recommendations for improving cybersecurity in the health care industry. These recommendations come in the form of a 96-page report.
In the executive summary, the report calls to attention the fact that cybersecurity issues can lead to patient safety issues. It’s not just about making sure that there isn’t a breach because HIPAA says so, but also ensuring that patients are protected, physically and financially.

The authors state that “data collected for the good of patients and used to develop new treatments can be used for nefarious purposes such as fraud, identity theft, supply chain disruptions, the theft of research and development, and stock manipulation. Most importantly, cybersecurity attacks disrupt patient care.”

Additionally, the report addresses the fact that there are many smaller health care organizations that may not have the financial ability to hire full time information security personnel. Consequently, these organizations may not be able to identify and track threats, or mitigate them effectively.

In the report, the Task Force identifies six areas for health care organizations of all sizes to consider when dealing with cybersecurity. Those six points found in the report are:

1. Define and streamline leadership, governance, and expectations for health care industry cybersecurity.
2. Increase the security resilience of medical devices and health IT.
3. Develop the health care workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities.
4. Increase health care industry readiness through improved cybersecurity awareness and education.
5. Identify mechanisms to protect research and development efforts and intellectual property from attacks or exposure.
6. Improve information sharing of industry threats, weaknesses and mitigations.

We will have more information on this for you in later posts. Until then, join HIPAAgps to learn what you can do to help protect your patients and their information.