- Sen. Mark Warner, D-Virginia, is calling on some of the healthcare sector’s biggest stakeholders to share what they are doing to prevent cyberattacks and how those efforts can be supported by the government.
The letter was sent to HIMSS, the American Hospital Association, the American Medical Association, the National Rural Health Association, and a host of others. The hope, according to Warner, is that these groups might work together to develop both a short- and long-term plan for reducing cybersecurity vulnerabilities in the healthcare sector.
In 2018 alone, 15 million patient records were breached, as hacking and phishing attacks continue to plague the sector at an alarming rate. Breached organizations can spend upwards of $1.4 million in recovery, including 64 percent more on advertising to off set reputational damage and minimize patient loss.
But to Warner, the concern lies with the sensitive nature of medical records that will continue to make the sector a prime target for hackers.
“The increased use of technology in healthcare certainly has the potential to improve the quality of patient care, expand access to care (including by extending the range of services through telehealth), and reduce wasteful spending,” Warner wrote.
“However, the increased use of technology has also left the healthcare industry more vulnerable to attack,” he added. “As we welcome the benefits of healthcare technology, we must also ensure we are effectively protecting patient information and the essential operations of our health care entities.”
Oversight gaps and the impact of cyberattacks have led Warner to ask industry stakeholders to develop strategies alongside the federal government to close these gaps.
Warner asked these leaders share how they identify and reduce vulnerabilities, along with whether they maintain an up-to-date inventory of all of the connected systems within their facilities.
Further, Warner asked if these groups have real-time data for the patching status of these systems, how many systems rely on end-of-life software and operating systems, and what steps they’ve taken to reduce risks that could be nationally implemented.
Referring to the 2017 Health Care Industry Cybersecurity Task Force Report that highlighted the industry’s security challenges – including the cybersecurity staffing shortage, Warner would also like to understand the workforce and personnel challenges faced by these leaders, including how they’ve raised security awareness within their organizations.
Lastly, Warner would also like to understand if the government is doing enough to reduce cybersecurity vulnerabilities in healthcare with an effective national strategy, and what else the government can do to develop a more effective strategy and to improve those efforts.
“It is my hope that with thoughtful and carefully considered feedback we can develop a national strategy that improves the safety, resilience, and security of our health care industry,” Warner wrote.