Amendment to the Public Health Service Act to address cyber threats in Healthcare
This year (2017), there have been over 20 reports of malware infections at medical facilities. It most cases, it remains uncertain how many of these facilities paid the ransom demands. However, every one of them reported direct or indirect impact on patient care due to the said ransomware infection. These issues range from the inability to access patient records/PHI, to turning patients away due to lack of ability to provide adequate patient care.
The healthcare industry has a target on its back for two primary reasons:
- Healthcare IT systems house a plethora of information, ranging from payment information to sensitive personal data.
- IT systems within the healthcare industry tend to be very outdated.
Healthcare Industry Addressing Cyber Threats
Becker’s Health IT and CIO Review recently reported ransomware and other cyber security threats as the top health technology hazard of 2018. Understanding the cyber threats that this industry is facing daily, the Department of Health and Human Services (DHHS) is proposed a bill focusing on cyber security. The proposed bill, deemed the HHS Cybersecurity Modernization Act, addresses the following:
- The need for the DHHS to hire a Chief Information Security Officer (CISO)
- Within one year of the Act being passed, the Secretary of the DHHS is required to submit a plan that addresses,
- Differentiation between each agency’s responsibilities for maintaining the security and integrity of said agencies information systems
- Each agencies role in training and educating the healthcare sector
Although this is a good start, cyber threats have been present for years. Perhaps this should have been implemented before cyber threats began impacting the ability to provide appropriate patient care.
To read the full proposed bill, click here.