Report from the Health Sector Coordinating Council’s
Cybersecurity Working Group
When the first signs appeared toward the end of March that our economic and business rhythms, our routines and priorities, and our very national and personal lives were going to be fundamentally and radically altered by the onset of the novel Coronavirus and our response to it, leadership of the Health Sector Coordinating Council (HSCC) assumed – and prepared for – a significant retrenchment of the Council’s many task group activities and progress for the foreseeable future. It turns out that we were, to a considerable extent, happily wrong.
While some of our 15 task groups did indeed suspend activity initially so that members could focus on the exigencies of COVID-19 response, others kept their focus and cadence. In the second and third quarters of 2020, we published four best practices guides and launched heavily attended and complex task groups – on medical device cybersecurity contract language; legacy device security management and replacement; and vulnerability communications standardization. We held informative webinars with international and academic cybersecurity partners. And we added 7 new member organizations since July 1, bringing the total voting organizational membership to 251, plus 44 very helpful Advisor firms and 14 government agencies.
Now as we enter National Cyber Security Awareness Month, which occurs every October, the lesson to be learned from this level of energy and focus is that cyber crime never sleeps. The security of our public health posture, in steady state and in crisis, is a confluence of many complex and interdependent interactions – which include the integrity of our data and technology systems – that the public depends upon for our national health and safety. We learned that even in the worst of times, cyber adversaries will continue to disrupt and exploit our health infrastructure for immoral advantage. This lays bare the intensified responsibility of everyone in the healthcare cyber community to continually strengthen our cyber defenses and response, to inoculate our health system from cyber attack, so that our front line healthcare providers can do their jobs treating the sick.
Kudos to all in the HSCC and the Health-ISAC for your commitment to protecting the tools, the data, and the IT systems that support our health providers and a well-functioning healthcare infrastructure. Keeping in mind our mantra that patient safety requires cyber safety, we should always be motivated by the recognition that we are never done, only better.
HSCC Cybersecurity Working Group