HHS cybersecurity task force focus will extend beyond individual 'backyards'

The Department of Health and Human Services' cybersecurity task force will take a higher-level view of healthcare security, drawing on the input of a range of stakeholders, according to one of its members, David Finn, a former healthcare CIO who's now health IT officer at security vendor Symantec.

Finn, in an interview with Healthcare Info Security, says the group's strength will be in bringing together providers, business associates, software makers, security vendors and others to examine problems from multiple perspectives "instead of just our own personal backyard."

The Cybersecurity Information Sharing Act, passed as part of an omnibus spending bill, requires HHS to convene the task force and report to Congress on the ability of the agency--and the healthcare industry at large--to respond to cybersecurity threats.

Its focus will be three-pronged, according to Finn; the task force will look at how other industries have implemented cybersecurity strategies; the unique challenges of healthcare security; and the challenges HIPAA-covered entities face in securing medical devices and other systems that connect to an electronic health record.

"We're going to start by looking at who does security well," he says, then overlay some of the unique challenges that healthcare faces.

"With healthcare, one of our issues is silos, within providers and certainly across providers across the whole continuum," Finn says.

HHS recently selected 21 members for the task force including Theresa Meadows, senior vice president and CIO of Cook Children's Health Care System; Roy Mellinger, VP of IT security and Chief Information Security Officer at Anthem; and Jacki Monson, chief privacy and information security officer of Sutter Health.

To learn more:
- listen to the interview