HOUSTON, TX (PRWEB) – A congressionally mandated healthcare industry task force recently released the findings of the state of health information systems security and it’s not good. The Health Care Industry Cybersecurity Task Force report (PDF) released this month warns that all aspects of health IT security are at risk and that action is needed by government and the industry to improve security.
CareSet Systems Founder and CTO Fred Trotter was one of 21 members of the task force, and he has this to say about their investigation – “the committee could not have been formed with nicer, more professional people. Over the course of the year we saw several of our greatest concerns happening one after another. Specifically, we saw vulnerabilities in medical devices released in order to manipulate the stock market, an explosion of ransomeware taking entire hospitals offline at NHS, and numerous other breaches.”
The committee recommended to Congress and the Department of Health and Human Services (HHS) programs to remove at-risk hardware and software out of healthcare organizations. The committee also recommended efforts to place more people with security skills into the healthcare workforce and establish a chain of command and procedures for dealing with healthcare system cyber attacks.
“The whole healthcare industry urgently needs to increase their investment in cybersecurity,” Trotter says. “The work we did provides a roadmap and we need to follow it.”
According to the report, “the health care system cannot deliver effective and safe care without deeper digital connectivity. If the health care system is connected, but insecure, this connectivity could betray patient safety, subjecting them to unnecessary risk and forcing them to pay unaffordable personal costs. Our nation must find a way to prevent our patients from being forced to choose between connectivity and security.”
The recommendations from the task force include:
- Define and streamline leadership, governance, and expectations for health care industry cybersecurity.
- Increase the security and resilience of medical devices and health IT.
- Develop the healthcare workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities.
- Increase health care industry readiness through improved cybersecurity awareness and education.
- Identify mechanisms to protect research and development efforts, as well as intellectual property, from attacks or exposure.
- Improve information sharing of industry threats, weaknesses, and mitigations.
The following 21 individuals constitute the membership of the Health Care Industry Cybersecurity Task Force established in March 2016:
- Task Force Co-Chair Emery Csulak, MS, CISSP, PMP, Chief Information Security Officer, Centers for Medicare and Medicaid Services, U.S. Department of Health and Human Services
- Task Force Co-Chair Theresa Meadows, MS, RN, CHCIO, FHIMSS, FACHE, Senior Vice President and Chief Information Officer, Cook Children’s Health Care System
- Joshua Corman, Co-Founder, I Am The Cavalry
- George DeCesare, JD, Senior Vice President and Chief Technology Risk Officer, Kaiser Permanente
- Anura Fernando, Principal Engineer, Medical Software and Systems Interoperability Health Sciences Division, UL LLC
- David Finn, CISA, CISM, CRISC, Health Information Technology Officer, Symantec Corp.
- Mark Jarrett, MD, MBA, MS, Senior Vice President and Chief Quality Officer, Northwell Health and Professor of Medicine, Hofstra Northwell School of Medicine
- Laura Laybourn, Senior Advisor, Office of Cyber and Infrastructure Analysis, National Protection and Programs Directorate, U.S. Department of Homeland Security
- Michael McNeil, Global Product Security and Service Officer, Philips Healthcare
- Dan McWhorter, Vice President and Chief Intelligence Strategist, FireEye, Inc.
- Roy Mellinger, CISSP-ISSAP, ISSMP, CIM, Vice President, IT Security and Chief Information Security Officer, Anthem, Inc.
- Jacki Monson, JD, CHC, CHPC, Vice President, Chief Privacy and Information Security Officer, Sutter Health
- Ram Ramadoss, MBA, CISA, CISM, CISSP, CRISC, CIPP, Vice President, CRP Privacy and Information Security and EHR Compliance Oversight, Catholic Health Initiatives
- Terry Rice, Vice President, IT Risk Management and Chief Information Security Officer, Merck & Co.
- Vito Sardanopoli, CISM, CISSP, CISA, Senior Director of Enterprise Security Services and Governance, Quest Diagnostics
- Rob Suarez, Director of Corporate Product Security, BD
- Kevin Stine, Chief, Applied Cybersecurity Division, Information Technology Laboratory, National Institute of Standards and Technology
- Christine Sublett, MA, CISSP, CIPT, CRISC, CGEIT, Chief Information Security Officer and Head of Compliance, Augmedix, Inc.
- Lauren Thompson, PhD, Director, Interagency Program Office, Defense Health Management Systems, Department of Defense / Department of Veterans Affairs
- David Ting, Co-Founder and Chief Technology Officer, Imprivata, Inc.
- Fred Trotter, Data Journalist, CareSet Systems
About CareSet Systems
CareSet Systems (https://careset.com) is the nation’s first company with access to 100% Medicare Part A, B and D claims and enables the nation’s leading pharmaceutical companies to decode Medicare claims data to guide new drug launches.