The cyberthreat landscape is evolving, and healthcare organizations need to better safeguard their systems. A statement from the College of Healthcare Information Management Executives and the organization's Association for Executives in Healthcare Information Society suggests the government play a larger role in cybersecurity efforts, even factoring in cybersecurity readiness as a reimbursement measure.
Healthcare is prime real estate for bad actors seeking to access and exploit data, due to the digitization of personal health information and the encouragement for providers to share patient data. However, many providers — especially those with limited resources — have trouble keeping pace with cybersecurity practices, according to the statement. And the threats are only going to evolve.
"The vehicle by which the threat is delivered will change, but we know for a fact that criminals will look at introducing 'new markets' for extorting money above and beyond what they are doing today," the CHIME and AEHIS statement reads.
CHIME and AEHIS outline the following five suggestions for lawmakers to consider that could strengthen cyber defenses and protect against hackers.
1. CHIME has long been pushing for patient matching initiatives, even launching its National Patient ID Challenge offering $1 million to innovators to develop a solution to accurately match patients with their healthcare records. As is, healthcare organizations largely use Social Security numbers to identify patients, but doing so is a significant security risk and incentivizes hackers to target the healthcare industry, according to CHIME. "Reducing the reliance on SSNs and other identifiable information that help bad actors execute fraud will immediately devalue health records on the black market," according to the statement. "The need for a healthcare identification solution, that if stolen does not have the same potential for fraud and abuse, is essential."
2. CHIME urges policymakers to encourage healthcare organizations to invest in cybersecurity resources through positive incentives. CHIME indicates just a subset of health IT budgets are dedicated to security spend, and health IT budgets only make up about 3.5 percent of overall health system budgets.
3. Cybersecurity readiness should be considered a Clinical Practice Improvement performance category in the Medicare Access and CHIP Reauthorization Act, suggests CHIME. If it were, healthcare organizations would receive reimbursement depending on their potential ability to safeguard against bad actors.
4. CHIME asks policy- and lawmakers to align privacy, security and information risk management requirements across industries and state lines. "Currently healthcare organizations dedicate highly valuable resources on navigating these complexities to demonstrate compliance with its regulators; if a streamlined regulatory framework were in place, these resources could focus more time on actively monitoring and protecting against the daily variable threats," according to the statement.
5. Strong cyber defenses begin with trained professionals, according to CHIME, which suggests a Workforce Development Program centered on healthcare cybersecurity could bolster community colleges and professional certification programs to develop a skilled workforce to fill the IT talent gap.
More articles on cybersecurity:
First known ransomware attack in 1989 also targeted healthcare
IBM Watson sets sights on cybercrime
Clinic patients receive malware-infected emails due to vendor breach