Fighting Cyber Attacks While Making Health Information More Accessible
Cook Children’s Leader Tapped to Develop Recommendations, Report to Congress
Theresa Meadows RN, MS, Senior Vice President and Chief Information Officer (CIO), has been appointed to the Healthcare Industry Cybersecurity Task Force by the Health and Human Services Department (HHS). Meadows is one of 21 members who represent health care systems, pharmaceutical companies, health insurers, tech companies and government. The task force will identify ways for health care systems nationwide to safely store and share electronic health information and report their recommendations to Congress. Meadows will serve as the private sector co-chair of the task force, alongside a federal government co-chair from HHS.
Why form a Cybersecurity Task Force?
Back in December, The Cybersecurity Information Sharing Act of 2015 was included in the Omnibus spending package that funds the federal government for 2016. One provision in the law requires the HHS to form a task force of experts in government and the private sector to come up with recommendations on ways to secure the health care industry. Besides Meadows, the task force is comprised of leaders from Kaiser Permanente, Merck & Co., Centers for Medicare and Medicaid Services and Homeland Security, along with others.
“Cyber threats continue to increase on a consistent basis but we must continue to share information to provide high quality, safe patient care. We must find better ways to do this and maintain the security of the information," said Meadows. “Part of my role as CIO, is to proactively engage leadership on the urgency and seriousness of these issues”
Healthcare data can be used for various criminal purposes, including identity theft, fraud, and disruption of hospital systems. Meadows states, “If companies as large as Target and Anthem can be susceptible to security breaches proves there needs to be more focus on cybersecurity, especially in healthcare.”
Another concern is the threat of ransom attacks. Just this week, Methodist Hospital in Henderson, Ky. announced it’s operating in an “internal state of emergency” after a ransomware attack encrypted all of the hospitals files, holding them hostage until the hospital agrees to pay. This incident comes just weeks after a California hospital paid $17,000 in a similar attack.
“Ransom attacks are becoming more and more common and it’s a big concern. Whether these hackers are after money or private information, we need to be able to protect healthcare data and ensure proper education is provided to our staff to prevent these events from occurring,” Meadows said.
What’s on the agenda?
The task force will meet in person four times over the next year, in addition to holding regular conference calls. Meadows says they will be talking about a range of issues.
The task force has been established to:
- Analyze how other industries have implemented strategies and safeguards for addressing cybersecurity threats within their respective industries;
- Analyze challenges and barriers private entities (excluding state and federal governments) in the healthcare industry face securing themselves against cyber-attacks.
- Review challenges that covered entities and business associates face in securing networked medical devices and other software or systems that connect to an electronic health record (EHR)
- Provide HHS with information to disseminate to healthcare industry stakeholders of all sizes for purposes of improving their preparedness for and response to cybersecurity threats affecting the industry
- Establish a plan for implementing cyber threat information sharing so that the Federal Government and healthcare industry stakeholders may in real time share actionable cyber threat indicators and defensive measures
- Report to appropriate Congressional Committees on the findings and recommendations of the task force
The Cybersecurity Task Force will report their findings and recommendations next year.