The United States Cyberspace Solarium Commission recommends participating in Health-ISAC to improve resiliency to cyberattacks
Recommendations
Healthcare providers’ resiliency to cyberattacks is essential for the continuity of public health services. The solution to current gaps is not reactive regulation that seeks cybersecurity through compliance. Instead, the sector needs a proactive, collaborative approach. This effort should prioritize the security and operational resilience of systems most directly connected to patient care and bolster the capabilities of under-resourced industry stakeholders.
For the Executive Branch
Develop New Long-Term Sector-Specific Cybersecurity Objectives
The last full-length strategy regarding hospital critical infrastructure protection by HHS was the Healthcare and Public Health Sector-Specific Plan of 2016. While comprehensive at the time, the threat landscape has changed drastically. HHS released this strategy before the rapid rise of ransomware and emerging technology such as generative AI that malicious actors can exploit to further their attacks. HHS should extensively update this document to address new threats. Collaboration among HHS, healthcare providers, and organizations such as Health-ISAC and HSCC is vital to creating a robust strategy. HHS should seek out perspectives from a range of providers diverse in size and location. This strategy should identify the new challenges the sector faces and create a detailed guide to help operators mitigate these risks.
Concurrently, HHS should continue to expand its efforts to provide simplified access points to cybersecurity resources such as Health-ISAC and programs from HHS and CISA, as well as guidelines like the proposed strategy. This should help less experienced healthcare providers quickly recognize and understand the resources available to them.