Senator proposes cybersecurity mandates for health systems – Cybersecurity Dive




First published on
The report comes on the heels of the recent ransomware attack on CommonSpirit Health, one of the country’s largest hospital systems, that interrupted access to electronic health records and delayed patient care.
With data breaches in healthcare reaching a record high last year, efforts to improve cybersecurity have been “painfully slow and inadequate,” Warner wrote.
“Unless we act now, this situation will get worse,” he said.
The policy paper states that cybersecurity can no longer be treated as a secondary concern and must become incorporated into every organization’s core business model, from equipment manufacturers to healthcare providers.
Equipment must be designed and built with cybersecurity at its core, and minimum cyber hygiene practices are needed for healthcare providers to protect everyone in the sector, especially patients, Warner said.
Financial constraints, use of legacy devices that were not designed to resist today’s cyberattacks, and limited education and awareness programs for healthcare professionals have increased the impact of cyber threats in the sector, the paper said. Some organizations have said they cannot afford to dedicate an IT staff member primarily to cybersecurity and lack the infrastructure to identify, track and act on threats.
The paper proposes establishing minimum cyber hygiene practices for healthcare organizations, addressing insecure legacy systems, requiring a “software bill of materials” for medical devices and all healthcare industry software, streamlining information sharing and looking at how Medicare payment policies should be changed to incorporate cybersecurity expenses.
Warner co-authored legislation, signed into law by President Joe Biden as part of the Consolidated Appropriations Act in March, that requires companies responsible for U.S. critical infrastructure to report cybersecurity incidents to the government.
The senator asked for individuals, researchers, businesses, organizations and advocacy groups to submit feedback on the policy options in the document, or offer additional ideas for inclusion in eventual legislation.
Get the free daily newsletter read by industry experts
Threat actors lean heavily on phishing attacks, vulnerabilities in software and containers, and stolen credentials, according to top cyber vendor research.
A PwC study shows cyber risk is a top concern among entire C-suite and corporate boards as companies are spending additional funds to boost resilience.
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
Want to share a company announcement with your peers?
Get started
Threat actors lean heavily on phishing attacks, vulnerabilities in software and containers, and stolen credentials, according to top cyber vendor research.
A PwC study shows cyber risk is a top concern among entire C-suite and corporate boards as companies are spending additional funds to boost resilience.
The free newsletter covering the top industry headlines

source


CyberTelugu

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top

Adblock Detected

Please consider supporting us by disabling your ad blocker

Refresh Page