Content area
Full Text
The U.S. Department of Health and Human Services is actively working with a broad coalition of partners to enhance cybersecurity across the healthcare and public health sectors.
Cyber-attacks on independent practitioners as well as large, integrated health systems have infected even the most protected networks. By the end of 2019, 764 healthcare providers had fallen victim to ransomware.1 Phishing attacks increased throughout 2019; one aggressive phishing attack on the Oregon Department of Human Services system affected 645,000 patients.2 The U.S. Department of Health and Human Services Office for Civil Rights Breach Report concluded that 38 million healthcare sector records were exposed in 2019 versus 7 million in 2018.
Recent highly publicized ransomware attacks on hospitals necessitated diverting patients to other hospitals and barred access to patient records, affecting care delivery. Such cyber-attacks can expose sensitive patient information and lead to substantial financial costs in an effort to regain control of hospital systems and patient data.
These attacks do not occur in a vacuum; they affect us all and continue to threaten sectors of our nation's critical infrastructure. There has never been a more critical time for our sector to address cybersecurity. Given the increasingly sophisticated and widespread nature of these attacks, the healthcare industry must make cybersecurity a priority and commit to the investments necessary to protect its patients.
MOBILIZATION AND COORDINATION
Similar to combating a deadly virus, battling cyber-attacks requires mobilization and coordination of resources across myriad public and private stakeholders, including hospitals, IT vendors, medical device manufacturers, and governments (state, local, tribal, territorial, and federal) to mitigate the risks and minimize the impacts of a cyber-attack.
Cybersecurity is an enterprise issue with consequences for the organization's mission, business, and programs-not just the IT department. For the healthcare industry, it is fundamentally about patient safety and uninterrupted care delivery. Not only is cybersecurity a challenge of technology and tactics, it also is a challenge of increasing awareness across all elements of healthcare organizations-doctors, nurses, administrators, healthcare practitioners, cybersecurity professionals, IT and non-IT experts-and engaging them in a mission that is about much more than technology.
Addressing this threat also requires a broad, collaborative approach across a multitude of organizations within the government and the private sector. The U.S. Department of Health and Human...