The U.S. Department of Health & Human Services (HHS) plans to release updated cybersecurity guidance for the healthcare industry along with an agency-wide data strategy in the upcoming weeks, according to Karl Mathias, chief information officer (CIO) at HHS.
On day two of AFCEA’s 15th Annual Health IT Summit on Jan. 18, the HHS CIO explained that healthcare organizations are particularly vulnerable and targeted by cyberattacks because they possess so much information of high monetary and intelligence value.
“When systems go down, it has an immediate and devastating effect on patient care. [Healthcare workers] lack a critical tool in their ability to know what care patients need, doctors cannot enter orders, and pharmacists trying to fill a prescription order cannot fill that order,” Mathias said. “And if the attack were to extend into medical devices, it can cause serious harm, and in some cases the death of the patient,” he said.
According to Mathias, in 2022 there were 618 reported data breaches in healthcare organizations that impacted more than 500 individuals each. That’s double the amount reported in 2021.
The HHS 405(d) Program and Task Group – a collaborative effort between industry and the Federal government to raise awareness and provide vetted cybersecurity practices towards mitigating pertinent cybersecurity threats to the sector – previously released cybersecurity best practices guidance to help the health sector.
In the upcoming weeks, HHS will release an updated version of that Health Industry Cybersecurity Practices guidance, Mathias said. He did not elaborate on any specific updates to the existing guidance.
“We’re just getting that final sign-off taken care of before we release the updated version in a few weeks. This is just an update to the current version and that’s been used extensively by industry, particularly by smaller hospitals,” Mathias said.
The CIO explained that HHS is a data-generating organization, and it needs to use that data effectively to create abilities to provide comfort, save lives, to enhance the health of Americans everywhere. If that data is used properly, it can be an invaluable asset in providing those abilities, he added.
“HHS embarked on a journey to create a data strategy to provide those abilities, and while I can’t formally tell you about it, it will be published in the next few weeks, but we have been working on this for a while,” Mathias said.