The College of Health Information Management Executives and the Association for Executives in Healthcare Information Security recently published a cybersecurity report that the Department of Health and Human Services Cybersecurity Task Force reviewed. The report is designed to “understand cybersecurity issues facing the industry data from a new CHIME-AEHIS survey that assesses member concerns about security threats,” according to a statement from CHIME.
This survey, of nearly 200 CHIME and AEHIS members, said social engineering, data theft and internal threats as the most common cybersecurity threats facing their organizations. Thus, according to the CHIME release, malware and ransomware ranked as the top ways that cyber criminals are exploiting weaknesses.
CHIME vice president for federal affairs, Mari Savickis, presented the findings to the task force; the task force is charged with analyzing the unique challenges and barriers to cybersecurity in healthcare. It is also studying how other industries are protecting data. The task force, made up of 21 individuals from across the healthcare industry, was formed to analyze how several industries, including healthcare, address cybersecurity. Its endgame is to present a report to Congress on its findings and recommendations.
According to respondents, healthcare organizations need more assistance from federal agencies to improve information sharing and threat assessments, and nearly 65 percent of respondents said that they were somewhat confident or not confident at all that federal legislators understand the importance of security enough to support key policy initiatives being advocated by healthcare organizations.
These same folks said that the federal government should develop tools for providers of different sizes and level of resources: “Smaller organizations with limited resources often have a different set of needs than large health systems. Respondents also called on lawmakers to adopt incentives that will encourage greater information sharing, including protecting organizations that voluntarily work to improve security across the delivery system from punitive government audits,” CHIME reports.
“Cyber criminals are attacking us from nearly every angle,” said Marc Probst, chair of the CHIME board of trustees and CIO at Intermountain Healthcare. “We have to be extremely vigilant in educating our staff and our business partners on how to minimize the risk of an attack. We are only as safe as the weakest link along our networks.”
The HHS task force is expected to deliver its report on cybersecurity in healthcare early 2017.