“Healthcare systems and technologies are under attack like they have never been before”, according to Leo Scanlon CISSP, Deputy Chief Information Security Officer and Senior Cybersecurity Advisor for Healthcare Cybersecurity at HHS www.hhs.gov. “We need to be able to deliver effective and safe care so that patient safety is not exposed to unnecessary risk.”
At the recent 9th mHealth + TeleHealth World Conference www.worldcongress.com Scanlon pointed out, “The HHS Office of Information Security (OIS) is working to protect critical information at HHS by implementing specific cybersecurity capabilities and engaging fully in HHS wide security collaboration activities.”
Scanlon reports, “It is difficult to protect healthcare in the U.S healthcare industry since the healthcare industry is a very large system that includes single physician practices, public and private payers, research institutions, medical device developers, software companies, and a diverse and widespread patient populations. To make it even more difficult to protect systems, there are many necessary federal and state laws and regulations that can impede addressing issues across jurisdictions.”
In addition, there are trends complicating cybersecurity threats. For instance, phishing messages are getting increasingly creative and cybercriminals are now combing malicious software and worms to infect whole networks. In addition, since there are more and more connected devices, this enables hackers to do even more attacks.
Cases of identity theft, ransomware, and targeted nation-state hacking show that healthcare data is extremely vulnerable. For example, data collected on patients can easily be used for fraud purposes, enable identity theft, and initiate supply chain disruptions, but most importantly, cybersecurity attacks disrupt patient care.
Sometimes it is difficult to understand what is going on. For example, Scanlon described how one hospital system was attacked in order to obtain chest x-rays. Why would this occur and be of value? It seems that in a number of counties, a clean x-ray is needed to enter, therefore clean x-rays are of value to many individuals wishing to enter those countries.
Scanlon discussed how the “Cybersecurity Act of 2015” established the Health Care Industry Cybersecurity (HCIC) Task Force to address the cybersecurity challenges facing the healthcare industry. In addition to the Task Force, cooperation and sharing of information with others is taking place to fight attacks.
HHS is coordinating analysis and reporting involving real-time threats by building partnerships among the federal sector. HHS is presently working with the Department of Homeland Security www.dhs.gov, and the National Institute of Standard’s Cybersecurity Framework www.nist.gov to improve critical infrastructure. Meetings are also being held with industry leaders to discuss how best to coordinate preparedness and strengthen the response for cybersecurity incidents.