On Tuesday, the House Energy & Commerce Committee’s Subcommittee on Oversight & Investigations held a hearing titled “Cybersecurity in the Health Care Sector: Strengthening Public-Private Partnerships.” The hearing examined the role of public-private partnerships, including the National Health Information Sharing and Analysis Center (NH-ISAC) and the Healthcare Industry Cybersecurity Task Force, in addressing the growing cybersecurity threat to the healthcare sector. It also sought to explore the challenges and identify opportunities to improve health care cybersecurity.
Both Members of Congress and witnesses, including representatives from the NH-ISAC and healthcare technology companies, acknowledged that healthcare organizations, regardless of size or location, are particularly vulnerable to cyber attacks as technology becomes increasingly integrated into patient care. The healthcare sector also faces a unique challenge due to the large number of small and medium organizations that often have limited tools and resources to identify and defend against cyber threats.
A key element identified at the hearing is the ability to securely share information on threats, vulnerabilities, and incidents across the sector and with the federal government, underscoring the critical role of public-private partnerships. Denise Anderson, President of the NH-ISAC, noted in her testimony that while there are a number of great initiatives and efforts underway within the sector, there is still much more that can be done, and significant challenges remain. Many of the other issues raised echoed elements of HIMSS’ Cybersecurity Call to Action released in October 2016. These issues included the need for a cyber leader at HHS to serve as a liaison to the healthcare sector, the shortage of tools and resources for smaller and under-resourced organizations and a shortage in the number of cybersecurity professionals to meet the growing needs of the healthcare sector.
With a renewed focus on healthcare cybersecurity in Congress, HIMSS will continue working with Congress, the federal government, and stakeholders from the healthcare sector to ensure all health organizations, regardless of size, have the tools, resources, information, leadership and expertise needed to protect patients and their data from current and future cyber threats.