HHS releases 88-page report on ways to improve healthcare cybersecurity — 8 things to know

Written by Megan Wood | June 06, 2017 | Print  |

HHS' newly released 88-page report on healthcare cybersecurity touches on ways small and medium-sized organizations can improve, according to Medscape.

HHS developed the report as a part of the Cybersecurity Act of 2015.

 

Here are eight things to know:

 

1. The task force creating the report was composed of thought leaders from the federal government, hospitals, insurers, patient advocates, security firms, pharmaceutical companies, medical device manufacturers, health information technology developers and laboratories.

 

2. The report labeled healthcare cybersecurity as a "key public health concern that needs immediate and aggressive attention."

 

3. The report highlighted six key areas of improvement:

 

• Streamlining healthcare cybersecurity leadership, government and expectations
• Boosting security of medical devices and health IT
• Ensuring proper resources to prioritize cybersecurity awareness
• Improving cybersecurity awareness and education
• Safeguarding research and development projects as well as intellectual property form attacks
• Promoting information sharing of threats, weaknesses and mitigations

 

4. The report pinpointed out-of-date systems; healthcare system interconnectivity via the internet; and inability to afford advanced security software as three roadblocks to effective cybersecurity.

 

5. The task force suggested small and medium practices leverage managed security service providers to avoid hiring professional security personnel.

 

6. Additionally, practices should transfer their patient records to the cloud.

 

7. Medical device vulnerability accounted for a good chunk of the report, with the task force recommending device vendors become versed in security risks and relay those risks to customers. Additionally, the report called on vendors to require two-factor authentication for external device access and build a medical computer emergency readiness team to response to incidents.

 

8. The task force also called on the HHS to hire a healthcare cybersecurity leader, who sets industry standard.

 

More articles on practice management:
Modernizing Medicine sends 3.4k providers' PQRS data for quality reporting: 5 things to know
Avista Capital Partners acquires National Spine & Pain Centers: 4 notes
Virginia Mason Memorial to take on financial risk for Orthopedics Northwest in new agreement — 7 insights

 

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies here.

Top 40 Articles from the Past 6 Months