Cybersecurity experts testified at a May 18 senate Health, Education, Labor and Pensions Committee hearing that cybersecurity training and advocacy was needed to strengthen cybersecurity in healthcare.
Denise Anderson, PhD, president and CEO of the Health Information Sharing & Analysis Center; Joshua Corman, founder of a volunteer cyber safety initiative; Amy McLaughlin, cybersecurity program director for the Consortium of School Networking; and Helen Norris, vice president and CIO for Chapman University testified at the hearing.
Six things to know:
- In a 2020 hospital survey, 70 percent of hospitals reported facing a significant cybersecurity incident.
- According to FBI reports, the health sector experienced at least 148 ransomware attacks from June to December 2020.
- The committee cited lack of skilled cyber staff, a lack of cyber security situational awareness, a lack of knowledge and training for the medical staff as well as at the CEO and board level, and lack of cyber security strategy including a risk management approach as risks to healthcare cybersecurity.
- Mr. Corman cited the cybersecurity workforce shortage, healthcare’s reliance on legacy systems and the multitude of known vulnerabilities as critical factors contributing to the current state of healthcare cybersecurity.
- Dr. Anderson recommended that there should be more emphasis on threat sharing and cyber education, as well as incentives for adopting cybersecurity best practices.
- The committee asked to include a cybersecurity professional, who would work as a government liaison and advocate within the Department of Health and Human Services.