Denise Anderson, PhD, president and CEO of the Health Information Sharing & Analysis Center; Joshua Corman, founder of a volunteer cyber safety initiative; Amy McLaughlin, cybersecurity program director for the Consortium of School Networking; and Helen Norris, vice president and CIO for Chapman University testified at the hearing.
Six things to know:
- In a 2020 hospital survey, 70 percent of hospitals reported facing a significant cybersecurity incident.
- According to FBI reports, the health sector experienced at least 148 ransomware attacks from June to December 2020.
- The committee cited lack of skilled cyber staff, a lack of cyber security situational awareness, a lack of knowledge and training for the medical staff as well as at the CEO and board level, and lack of cyber security strategy including a risk management approach as risks to healthcare cybersecurity.
- Mr. Corman cited the cybersecurity workforce shortage, healthcare’s reliance on legacy systems and the multitude of known vulnerabilities as critical factors contributing to the current state of healthcare cybersecurity.
- Dr. Anderson recommended that there should be more emphasis on threat sharing and cyber education, as well as incentives for adopting cybersecurity best practices.
- The committee asked to include a cybersecurity professional, who would work as a government liaison and advocate within the Department of Health and Human Services.
