Senator outlines potential cybersecurity mandates for healthcare systems

Diving brief:

  • Virginia Democratic Senator Mark Warner, chairman of the Senate Intelligence Committee, released a white paper detailing a series of potential regulatory requirements for healthcare systems aimed at improving cybersecurity in the industry.
  • Arguing that cyber vulnerabilities increasingly threaten patient safety and expose organizations to data theft, the document states that “it has become clear that the manner in which cybersecurity is handled by actors in the healthcare sector must change.”
  • Written by Warner’s staff with input from cybersecurity and healthcare experts, the document outlines the challenges facing healthcare delivery organizations and offers proposals to build providers’ cybersecurity capabilities and create response systems to help recover from attacks.

Overview of the dive:

The report follows the recent ransomware attack on CommonSpirit Health, one of the nation’s largest hospital systems, which disrupted access to electronic health records and delayed patient care.

While data breaches in the healthcare industry hit an all-time high last year, efforts to improve cybersecurity have been “painfully slow and inadequate,” Warner wrote. “If we don’t act now, this situation will get worse,” he said.

The policy document states that cybersecurity can no longer be treated as an afterthought and must be integrated into the core business model of every organization, from equipment manufacturers to healthcare providers.

Equipment must be designed and built with cybersecurity at its core, and healthcare providers must follow minimum cyber hygiene practices to protect everyone in the industry, especially patients, Warner said.

Financial constraints, the use of legacy devices that were not designed to withstand today’s cyberattacks, and limited education and awareness programs for healthcare professionals have increased the impact of cyberthreats in the sector, according to the document. Some organizations said they could not afford to dedicate a member of their IT staff primarily to cybersecurity and lacked the infrastructure to identify, track and act on threats.

The document proposes establishing minimum cyber hygiene practices for healthcare organizations, addressing insecure legacy systems, requiring a “software nomenclature” for medical devices and all healthcare, streamlining information sharing, and examining how Medicare payment policies should be changed to incorporate cybersecurity expenses.

Warner co-drafted legislation, signed into law by President Joe Biden as part of the Consolidated Appropriations Act in March, that requires companies responsible for America’s critical infrastructure to report cybersecurity incidents to the government.

The senator asked individuals, researchers, businesses, organizations and advocacy groups to submit their comments on the policy options contained in the document or to offer additional ideas for inclusion in possible legislation.
