HIMSS Foundation’s Institute for e-Health Policy Holds Briefing on Cybersecurity

On Wednesday, August 10, the HIMSS Foundation's Institute for e-Health Policy and the College of Healthcare Information Management Executives (CHIME) held a briefing titled "Hacking Healthcare: The Cybersecurity Threat Landscape." The Congressional Cybersecurity Caucus served as the honorary co-host of the event. The panel discussion was facilitated by Samantha Burch, Sr. Director of Congressional Affairs at HIMSS, and the panelists included:

  • Rodney C. Dykehouse, Chief Information Officer, Penn State Milton S Hershey Medical Center and Penn State College of Medicine, 
  • Lee Kim, Director, Privacy & Security, HIMSS,
  • Theresa Meadows, Senior Vice President and Chief Information Officer, Cook Children's Health Care System;
  • Matthew Snyder, Chief Information Security Officer, Penn State Milton S. Hershey Medical Center.

The panel engaged in a robust dialogue on the unique cybersecurity challenges facing healthcare providers and shared their real-world experience with cyber-attacks. The panelists agreed that while the rapid integration of technology into the healthcare space has produced extraordinary results, the lack of adequate protections for medical devices and EHRs the has left healthcare organizations and patients vulnerable.

Lee Kim and other panelists highlighted the specific security challenges related to medical devices, noting their surprise that a higher profile event involving a hacked medical device adversely impacting patient safety hasn't occurred. Part of the solution, they argued, was for health IT vendors and manufacturers to continue building in new protections. The recent FDA guidance that allows medical device software to be updated for cybersecurity purposes without resubmission is a positive step, but panelists noted it wouldn't necessarily create the leverage necessary to drive significant change.

Other issues that the panelists covered included resource challenges facing small and rural providers, liability issues related to cyber threat information sharing, the lack of adequate security resources and tools such as human capital and the culture change necessary to appropriately elevate cybersecurity within healthcare organizations.

For additional information on the HIMSS Foundation's Institute for e-Health Policy please contact David Gray, HIMSS Manager of Congressional Affairs, at dgray@himss.org.