The Cyber Security Act was signed into law in 2015, and is due to stay in effect for 10 years. Section 104 of the act is titled “Authorizations for Preventing, Detecting, Analyzing, and Mitigating Cybersecurity Threats,” and it allows network operators to implement cyber security in three ways.
First, network operators can monitor activity; second, they can take defensive measures against threats; and third, they can share information with others. The first two of these actions may be outsourced with written consent.
The Cyber Security Task Force was formed by the Department of Health and Human Services (HHS) in reaction to the Cyber Security Act. Task force members represent a broad spectrum of organizations within the health care sector. These organizations include hospitals, insurance companies, researchers, patient advocates, medical laboratories, and technology and pharmaceutical companies.
In June of 2017, the Task Force submitted its report to Congress, outlining the complex and ever-evolving cyber security risks facing the industry. The report identified these risks as “patient safety issues” and was largely a call for the private and public sectors to work together to face the challenges head on.
What are the Risks?
- Patient data is useful for research, the development of treatments and improved care. It is also a huge target for fraud and identity theft.
- Multi-user environments have grown increasingly complex, with data being shared across multiple organizations, such as insurance companies, medical researchers, and doctor referral networks. The more points of access, the greater the risk of cyber crime.
- State and federal regulations have formed a matrix of rules which impede innovation and ease of process.
What are the Challenges?
- Healthcare organizations are often operating with such slim margins that they cannot afford a comprehensive cyber security plan, or an internal IT department to properly manage risks.
- A lack of infrastructure makes it difficult for organizations to identify or recognize cyber threats.
- Hardware is often outdated and running old operating systems which have not been updated. This leaves gaping holes for new and sophisticated cyber threats to enter the system.
Recommendations From the HHS Task Force
- Update legacy systems to new hardware, and apply the latest software patches to close vulnerable areas. A strategic technology assessment can help to outline a logical plan of action which your staff – and budget – can handle.
- Weak passwords which can be easily breached are a prime way for cyber criminals to gain access to sensitive or confidential data. In the health care world, a doctor or researcher may use multiple devices in a single day – in their office, in their patients' rooms, etc. – all of which represent a possible point of entry. Remember, although cyber crime is at an all-time high, medical facilities are just as likely to be vulnerable to an internal breach of confidentiality if an unauthorized person can gain access to files and data. Strong password protocols, two-factor authentication, and remote mobile device procedures should be implemented.
The HHS Task Force recommendations for securing patient data are similar to the guidelines in many industries, as all businesses need to be hyper-vigilant against attacks both internal and external. If you are in the healthcare industry, virtually every threat and recommendation made in the HHS Task Force report can be addressed with a technology needs assessment or business technology plan. As stated, the Cyber Security Act permits you to outsource taking defensive measures against threats.
Therefore, hiring a managed services firm may be a strong option for your organization. Companies such as Alliance IT work with many healthcare organizations to assess current vulnerabilities and formulate a plan to close the gaps as strategically and cost-effectively as possible. Call us today to discuss how we can help.