The issue of healthcare security has been at the forefront of the national dialogue for the past decade, as technology advancements, malicious actors, and increasing digital data in the medical field have all worked together to make healthcare cybersecurity a serious challenge. As the industry continues to work to mitigate risks, particularly around patient data, an effort is underway to bring much-needed cybersecurity boosts to the healthcare system.
The recently introduced Cybersecurity for Connected Medical Device Security Act, which is currently making its way through Congress, will require manufacturers of internet-connected medical devices to meet certain security standards. This includes rigorous periodic cybersecurity assessments, an explicit need to correct known vulnerabilities, and a tracking system for medical devices that allows for organizations to maintain an accurate inventory of their connected equipment.
Beyond the legislation being debated by Congress, the Department of Homeland Security (DHS) is actively engaging in efforts to ensure healthcare organizations are better protected. By way of the Healthcare Cybersecurity Cooperation Act, signed into law in 2018, the DHS is now able to work directly with healthcare organizations and provide them with the resources and expertise needed to properly secure their systems. This includes offering technological assistance, training healthcare workers on how to better protect their data, and providing cyber intelligence to organizations on potential threats or malicious actors.
Clearly, the government is taking the issue of healthcare cybersecurity seriously, as evidenced by the continued investment being made. However, it’s important to acknowledge that the effort to enhance security is likely to take time, particularly since the legislation mentioned above is just beginning its path through Congress.
Nonetheless, it is imperative for all healthcare organizations to ensure their cybersecurity measures are up to date and robust. One of the most effective measures an organization can take is to develop a comprehensive cybersecurity strategy that encompasses everything from ongoing staff training and contingency plans to secure technology solutions.
Ultimately, as the government works to strengthen healthcare cybersecurity measures, healthcare organizations must look at it as an opportunity to proactively assess their own cybersecurity posture. It is only through a holistic approach and across all layers of the healthcare system that attacks can be stopped in their tracks and fully-secure healthcare data systems can be a reality.