Cybersecurity in the health care industry is in critical condition according to the Health Care Industry Cybersecurity (HCIC) Task Force, however, many providers lack the expertise and resources to comply.
Cyber compliance is seen as a hurdle by many in the industry, as the regulations are sometimes “vague and redundant”. Thus, due to the lack of cybersecurity management within the industry, imminent risks cause concern particularly because of the nature of health care data - a valuable asset to any attack, especially because of its inability to change if compromised.
“The HCIC Task Force has recommended the prioritization of six high-level measures in order to address the vulnerabilities in health care cybersecurity:
- Define and streamline leadership, governance, and expectations for health care industry cybersecurity.
- Increase the security and resilience of medical devices and health IT.
- Develop the health care workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities.
- Increase health care industry readiness through improved cybersecurity awareness and education.
- Identify mechanisms to protect research and development efforts and intellectual property from attacks or exposure.
- Improve information sharing of industry threats, risks, and mitigations.”
Recent threats (WannaCry) prove the importance of dedicating increased focus (especially at the board/executive level), time and resources to cybersecurity compliance and management within the health care industry.
Read the source article on The National Law Review here.