In 2017, there have been over 20 medical facilities that were infected with ransomware. It remains uncertain how many of these facilities paid the ransom demands; however, each and every one of them reported issues with patient care due to the ransomware infection. These issues range from the inability to access patient records, to turning patients away due to lack of ability to provide adequate patient care.
The healthcare industry has a target on its back for two primary reasons. First, IT systems within the healthcare industry are typically very outdated. Second, healthcare IT systems house a plethora of information, ranging from payment information to personal data.
Healthcare Industry Addressing Cyber Threats
Becker’s Health IT and CIO Review recently reported ransomware and other cyber security threats as the top health technology hazard of 2018. Understanding the cyber threats that this industry is facing on a daily basis, the Department of Health and Human Services (DHHS) is proposed a bill focusing on cyber security. The proposed bill, deemed the HHS Cybersecurity Modernization Act, addresses the following:
- The need for the DHHS to hire a Chief Information Security Officer (CISO)
- Within one year of the Act being passed, the Secretary of the DHHS is required to submit a plan that addresses,
- Differentiation between each agency’s responsibilities for maintaining the security and integrity of said agencies information systems
- Each agencies role in training and educating the healthcare sector
Although this is a good start, cyber threats have been present for years. Perhaps this should have been implemented before cyber threats began impacting the ability to provide appropriate patient care.
To read the full proposed bill, click here.