Improving outreach and information sharing on healthcare cybersecurity issues, along with having more educated and qualified cybersecurity personnel and health IT experts, will be essential in strengthening the healthcare cybersecurity infrastructure, according to the Healthcare Information and Management Systems Society (HIMSS).
Responding to a National Institute of Standards and Technology (NIST) request for information, HIMSS leaders explained that health IT will play an important role in improving overall healthcare cybersecurity measures.
NIST recently released its Current and Future States of Cybersecurity in the Digital Economy, and requested feedback by September 9, 2016. In the document, NIST recommended how cybersecurity could be strengthened in both the public and private sectors.
Along with protecting privacy, NIST explained it was also necessary for organizations to be “ensuring public safety and economic and national security, fostering discovery and development of new technical solutions, and bolstering partnerships between Federal, State and local government and the private sector in the development, promotion, and use of cybersecurity technologies, policies, and best practices.”
Within the next one to two years, the federal government should increase its outreach to the healthcare sector, HIMSS wrote. Furthermore, there needs to be more outreach to healthcare when it comes to cyber threat information sharing with information sharing and analysis centers (ISACs) and information sharing and analysis organizations (ISAOs).
“Healthcare organizations need to improve their baseline security,” the letter reads. “Many organizations still have a reactive stance towards cybersecurity. Healthcare organizations can improve their security posture by adopting and implementing a framework, such as the NIST Cybersecurity Framework.”
The US Department of Homeland Security and NIST are both great resources, and additional outreach will only help improve how healthcare is able to properly react to cybersecurity threats and improve its baseline security.
“Due to a lack of appropriately trained personnel, budget, and resources, small organizations and organizations with smaller IT budgets than average are especially vulnerable,” HIMSS added. “The importance of information sharing might be something that the new Health Care Industry Cybersecurity Task Force at the Department of Health and Human Services would be able to assist in.”
Overall, HIMSS outlined eight key challenges for healthcare cybersecurity and briefly discussed how they should be approached:
- Healthcare is Vulnerable to Cyber Attacks
- Greatest Cybersecurity Concern for the Healthcare Sector is Patient Safety
- Healthcare Organizations Still Need to Improve their Security Posture
- Aging and Outdated Technology Poses Risks to the Healthcare Sector
- Too Many Vulnerabilities in Technology to Contend with
- Third Parties Introduce Risk
- Medical Device Security is a Challenge
- Too Much Malware Exists
In the long run, HIMSS explained that the healthcare industry will greatly benefit from having more certified and educated cybersecurity professionals. This can include having more graduates from the National Security Agency’s Centers of Academic Excellence in Cybersecurity, as well as more professionals with credentials such as the CISSP and HCISPP.
Healthcare must encourage “innovation with an eye towards more technology-driven solutions for cybersecurity,” HIMSS wrote.
“In addition to the foregoing, there are two sources of challenges in cybersecurity today: (1) the lack of securely coded computer programs, and (2) the insecurity of the Internet,” the letter stated. “Requiring developers to use secure coding could dramatically reduce the number of vulnerabilities, thereby improving overall Internet security from attack or breakage.”