Why a health IT safety center is vital in the age of ransomware


The rise in ransomware underscores the need for a national health IT safety center to help healthcare organizations learn to better protect themselves, say patient-safety advocates Dean Sittig and Hardeep Singh in a Health Affairs Blog post.

The Office of the National Coordinator for Health IT created a five-year plan for such a center and made a $5 million request in the 2017 budget for it. And the American Medical Association voted at its annual meeting to support that plan.

Such a center could dispatch teams in health IT, cybersecurity, clinical informatics and patient safety to sites to determine how ransomware attacks took place and create best practices for mitigating future attacks, Sittig and Singh say. It also could help develop and disseminate information on strategies to reduce risk proactively, and work with institutional and government leaders to ensure these strategies are used to their fullest impact.

The authors, who co-developed ONC's Safety Assurance Factors for EHR Resilience (SAFER) Guides, in July also shared best practices for mitigating ransomware attacks in a paper published in Applied Clinical Informatics. Too often, they say, organizations keep information about attacks close to the vest when sharing it could help others.

They call a national safety center “past overdue.”

“We are at crossroads,” Sittig and Singh write. “We could continue to obfuscate and ignore obvious safety issues, including being easy targets for cybercriminals, or we could work together to understand safety events, learn from them, identify best practices to prevent them and work on building a safe and effective health IT infrastructure for our country.”

To learn more:
- read the Health Affairs Blog post