Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients

Cybersecurity threats to healthcare organizations and patient safety are real. Health IT provides critical lifesaving functions. It consists of connected, networked systems and leverages wireless technologies, leaving such systems more vulnerable to cyber-attack. Recent highly publicized ransomware attacks on hospitals, for example, necessitated diverting patients to other hospitals. This led to an inability to access patient records to continue care delivery. Such cyber-attacks can delay critical care, expose sensitive patient information, and lead to substantial financial costs to regain control of hospital systems and patient data. From small, independent practitioners to large, university hospital environments, cyber-attacks on healthcare records, IT systems, and network connected medical devices have impacted even the most hardened systems. It is for these reasons we consider Cyber Safety to be a part of Patient Safety. Given the increasingly sophisticated and widespread nature of cyber-attacks, the HPH sector must make cybersecurity a priority and make the investments needed to protect its patients. Like combatting a deadly virus, cybersecurity requires mobilization and coordination of resources across myriad public and private stakeholders [including hospitals, IT vendors, connected medical device manufacturers, and governments (state, local, tribal, territorial, and federal)] to mitigate the risks and minimize the impacts of a cyber-attack. HHS and the HPH sector are working together to address these challenges.

View the detailed report below.