The Obama administration is pushing for a continued emphasis on cybersecurity following a federal report that outlines some of the nation’s key vulnerabilities, many of which have a direct application to the healthcare industry.
Market pressures, a lack of public-private partnerships, and a failure to prioritize basic cybersecurity activities were some of the key vulnerabilities identified in a recent report (PDF) by the Commission on Enhancing National Cybersecurity, which established by President Obama earlier this year. Although the report offered a general view of cybersecurity concerns nationally, many of the issues identified by the Commission are relevant to healthcare organizations that have been a frequent target of data breaches.
Like many other industries, healthcare organizations suffer from market pressures that prioritize a quick product release over security, according to a post by Lee Kim, director of privacy and security at HIMSS North America. Health systems have not applied adequate pressure on vendors to build more secure platforms, often making purchasing decisions based on price rather than security features. Earlier this week, the network security firm Tenable gave the healthcare industry a “D” for cybersecurity, reflecting mounting concerns that IT vulnerabilities will worsen.
Kim points out that health organizations must “think like an attacker” by utilizing an external or internal penetration tester that can identify vulnerabilities. At the same time, providers are often overwhelmed at the prospect of evaluating and managing software applications that they view security as an afterthought.
The Commission notes that public and private entities need to work together in order to identify a new approach to cybersecurity. In October, the newly appointed CIO of the Department of Health and Human Services (HHS) outlined the agency’s cybersecurity priorities, which include shifting its investment strategy from response to prevention. Meanwhile, the College of Healthcare Information Management Executives (CHIME) created a new cybersecurity center aimed at better collaboration between public and private entities.
In a statement from the White House announcing the commission’s report, President Obama instructed the Commission to brief President-elect Donald Trump’s transition team and urged the incoming administration to continue focusing on cybersecurity vulnerabilities. In light of the cybersecurity workforce shortage, the Commission recommended the next administration initiate a national program to train 100,000 new cybersecurity professionals by 2020.