Why the Biden-Harris Administration’s New National Cybersecurity Strategy Is an Important Step Forward for Health Care

Oct 23, 2023 - 08:00 AM by
John Riggi, National Advisor for Cybersecurity and Risk, AHA
Cyber_Blog_900x400_Ransomware_1023

Over recent months, increasing ransomware attacks and other cybersecurity threats in the health care field have underscored the critical need for hospitals and health systems to defend against malicious actors. Health care possesses a unique combination of highly targeted data sets that makes it a prime target by cyber adversaries.

Ransomware Impacts and Cyber Defense Challenges

During my testimony to the U.S. Senate in December 2020, I pointed out that a ransomware attack could interrupt patient care, or worse, shut down operations at the facility, thereby putting patient lives, and the community, at risk. Cybersecurity vulnerabilities and intrusions can also negatively affect a health care organization’s reputation.

Many hospitals and health systems recognize that they must view cybersecurity not as a novel or IT-only issue but rather as an enterprise risk — so they are striving to make cybersecurity part of their existing governance, risk management and business continuity framework as part of their efforts to elevate their vigilance against growing and more sophisticated cyberthreats. Yet, as they face dire workforce shortages and financial challenges exacerbated by the pandemic, enhancing their cyber defenses can be quite a struggle.

Call for Help

That is why in 2020 I called upon the Senate to expand public-private partnerships and cross-industry efforts to share threat information, and to step up to defend the nation’s hospitals and health systems from cyberattacks. After all, hospitals can only do so much on defense when foreign-based adversaries sheltered by hostile nation-states attack them. We also need a robust offense by the U.S. government to go after bad actors.

Administration Takes Action

For this reason, I commend the Biden Administration on its National Cybersecurity Strategy, announced March 2, 2023, which is aimed at shifting cyber defense responsibilities, improving cyber resilience and disrupting cyberthreat operations. The Strategy acknowledges that private sector efforts alone are insufficient to counter the significant cyberthreats we face as a nation.

We at the American Hospital Association (AHA) are pleased that the Strategy includes several important ideas we fully support, including:

  • Declaring ransomware attacks as a national security threat.
  • Conducting more offensive operations against cyberthreat actors.
  • Implementing software security requirements for software developers.

I am also proud of the FBI’s actions in defending hospitals and health systems from cyberattacks. Recently, for example, the FBI took down the Hive ransomware gang, whose criminal enterprise threatened patient safety. To hear the dramatic story, listen to my podcast interview with the FBI supervisor in charge of the Hive investigation.

The AHA Continues to Support Health Care Cybersecurity Efforts

The AHA will continue to work with the hospital field, Congress and the Administration, and other stakeholders to advance and adopt cyber policies that are streamlined, effective and feasible to implement.

And, as the AHA’s national advisor for cybersecurity and risk and a former FBI cyber executive, I want you to know that I provide a variety of cybersecurity offerings to advise and assist health care organizations like yours in mitigating the many cyber and physical risks you face. View the many places I’ve traveled over the past two years as part of my work with AHA members, hospital associations and government officials.

Plus, learn how the exclusive, highly vetted panel of service providers in our AHA Preferred Cybersecurity Provider (APCP) Program can help your organization prepare for, prevent and respond to today’s pressing cyberthreats.

Related News Articles

Headline
CISA extends comment period for proposed rule on cyber incident reporting
The Cybersecurity and Infrastructure Security Agency May 3 extended the comment period to July 3 for the April 4 proposed rule that would implement cyber…
Headline
White House releases critical infrastructure memo empowering CISA to strengthen health care security 
The Biden Administration April 30 released a memo announcing updated critical infrastructure protection requirements, which include the Cybersecurity &…
Headline
Agencies issue cyber advisory on North Korean spear phishing efforts 
The FBI, State Department and National Security Agency issued a warning about attempts by North Korean state-sponsored cyberthreat actors to exploit improperly…
Headline
Lawmakers grill UHG CEO at hearings following Change Healthcare cyberattack
Senate and House lawmakers May 1 grilled UnitedHealth Group CEO Andrew Witty about the continued fallout from the Feb. 22 cyberattack on Change Healthcare —…
Headline
AHA advertorial: Is UnitedHealth Group ‘Too Big To Fail’? 
“If you are asking yourself how a cyberattack on a single company could cause such massive damage, you are asking the right question,” an AHA advertorial in…
Headline
AHA provides update to Senate, House committee leaders ahead of hearings on fallout from Change Healthcare cyberattack 
The AHA April 29 provided the Senate Committee on Finance and House Energy and Commerce Subcommittee on Oversight and Investigations an update regarding…