- Sen. Mark Warner, D-Virginia, is stepping up his push to bolster cybersecurity in the healthcare sector, calling on the Food and Drug Administration, the Department of Health and Human Services, and other federal agencies to provide insight on the government’s efforts to reduce vulnerabilities in healthcare.
NIST and the Centers for Medicare and Medicaid Services were also asked to provide feedback.
The letter was sent just four days after Warner called on some of the industry’s largest stakeholders, like HIMSS, the American Medical Association, and others, to help develop a short- and long-term plan to reduce healthcare’s cybersecurity flaws.
On Monday, Warner took his fight to the federal level and asked for insight into just how these agencies are tackling healthcare’s security challenges, specifically asking for strategic recommendations and details on the federal measures in place that are meant to shore up these threats.
The letters come in response to the increased number of patient records breached in the sector, as well the continued threat of hacking and other security challenges. Healthcare has continued to struggle to adopt strong security tools and policies, often due to a lack of resources and staffing shortages.
Further, a 2017 Trend Micro report showed 100,000 healthcare devices and systems, like EHRs and medical devices, were directly exposed to the internet, Warner explained.
“The sensitive nature of medical information makes the healthcare industry a lucrative target for criminals seeking to profit from personally identifiable information,” Warner wrote. “Medical records often contain private information, including a patient’s social security number, address, and health history.”
“When stolen, this information can be used to conduct identity theft,” he continued. “The importance of continued availability of health data also makes health care organizations lucrative targets for ransomware attacks.”
As a result, he’d like to work with these agencies to develop strategies to strengthen information security. Warner asked the groups to provide feedback on these areas: how their organization identifies and reduces vulnerabilities, how they’ve worked to establish an effective national cybersecurity strategy, and how they engage with industry stakeholders to reduce those flaws and any results.
Warner also asked for recommendations on whether there were any laws and regulations that could be changed to improve cybersecurity efforts in healthcare, as well as recommendations on just how to establish a national cybersecurity challenge.
Just this week, New York Governor Andrew Cuomo ordered an investigation into Facebook’s health data practices, while California introduced legislation that would mandate organizations notify individuals when biometrics or passport information was breached.