It’s a nice gesture – it’s the thought that counts they say – but the recent effort by the Department of Health and Human Services (HHS) to invest an insubstantial amount of just $350,000 to help organizations prevent cybersecurity threats is mere pittance of what the problem really is.
The money is supposed to help further deter healthcare’s increasing threat to strengthen the cybersecurity response across healthcare. According to a HHS statement, the funds are meant to “foster the development of a more vibrant cyber information sharing ecosystem within the healthcare and public health sector.”
According to HHS’ Office of the National Coordinator for Health Information Technology (ONC), the agency awarded a cooperative agreement to the National Health Information Sharing and Analysis Center (NH-ISAC) of Ormond Beach, Florida, to provide cybersecurity information and education on cyber threats to healthcare sector stakeholders.
“These agreements mark a critical first step toward addressing the growing threat cybersecurity poses to the health care and public health sector,” said Dr. Nicole Lurie, HHS’ assistant secretary for preparedness and response in a prepared statement. “Creating a more robust exchange about cybersecurity threats will help the industry prevent, detect and respond to these threats and better protect patients’ privacy and personally identifiable information.”
“The security of electronic health information is foundational to our increasingly digitized health system,” added said Dr. Vindell Washington, national coordinator for health information technology, also in a statement. “This funding will help healthcare organizations of all sizes more easily and effectively share information about cyber threats and responses in order to protect their data and the health of their patients.”
As has been widely reported throughout the industry and as HHS aptly notes, ransomware attacks on the healthcare system are on the rise, as well as the average cost associated with these attacks. “Today, the cost of cybersecurity breaches averages $3.8 million per attack,” HHS noted in its statement. The move is meant to help smaller healthcare entities that do not have the capabilities of doing so.
The agreements, according to HHS, also will help build the capacity of NH-ISAC to receive cyber threat information from member healthcare entities. Information about any system breaches and ransomware attacks will be relayed through a “more robust cyber information sharing environment, as will information about steps healthcare entities should take to protect their health information technology systems,” the statement says.
The news of the announcement comes on the heels of continual cyberattacks, including breaches at Anthem or Banner Health and Hollywood Presbyterian. As Health IT Outcomes notes, healthcare continues to be the top cyberattack target, with almost 90 percent of ransomware attacks during the second quarter of 2016 affecting healthcare entities. “The agreements will help to promote a streamlined cyber threat information sharing process that will help to inform other healthcare organizations about potential and real cyber threats and promote the ability to proactively respond.”