Why the Biden-Harris Administration’s New National Cybersecurity Strategy Is an Important Step Forward for Health Care

Oct 23, 2023 - 08:00 AM by
John Riggi, National Advisor for Cybersecurity and Risk, AHA
Cyber_Blog_900x400_Ransomware_1023

Over recent months, increasing ransomware attacks and other cybersecurity threats in the health care field have underscored the critical need for hospitals and health systems to defend against malicious actors. Health care possesses a unique combination of highly targeted data sets that makes it a prime target by cyber adversaries.

Ransomware Impacts and Cyber Defense Challenges

During my testimony to the U.S. Senate in December 2020, I pointed out that a ransomware attack could interrupt patient care, or worse, shut down operations at the facility, thereby putting patient lives, and the community, at risk. Cybersecurity vulnerabilities and intrusions can also negatively affect a health care organization’s reputation.

Many hospitals and health systems recognize that they must view cybersecurity not as a novel or IT-only issue but rather as an enterprise risk — so they are striving to make cybersecurity part of their existing governance, risk management and business continuity framework as part of their efforts to elevate their vigilance against growing and more sophisticated cyberthreats. Yet, as they face dire workforce shortages and financial challenges exacerbated by the pandemic, enhancing their cyber defenses can be quite a struggle.

Call for Help

That is why in 2020 I called upon the Senate to expand public-private partnerships and cross-industry efforts to share threat information, and to step up to defend the nation’s hospitals and health systems from cyberattacks. After all, hospitals can only do so much on defense when foreign-based adversaries sheltered by hostile nation-states attack them. We also need a robust offense by the U.S. government to go after bad actors.

Administration Takes Action

For this reason, I commend the Biden Administration on its National Cybersecurity Strategy, announced March 2, 2023, which is aimed at shifting cyber defense responsibilities, improving cyber resilience and disrupting cyberthreat operations. The Strategy acknowledges that private sector efforts alone are insufficient to counter the significant cyberthreats we face as a nation.

We at the American Hospital Association (AHA) are pleased that the Strategy includes several important ideas we fully support, including:

  • Declaring ransomware attacks as a national security threat.
  • Conducting more offensive operations against cyberthreat actors.
  • Implementing software security requirements for software developers.

I am also proud of the FBI’s actions in defending hospitals and health systems from cyberattacks. Recently, for example, the FBI took down the Hive ransomware gang, whose criminal enterprise threatened patient safety. To hear the dramatic story, listen to my podcast interview with the FBI supervisor in charge of the Hive investigation.

The AHA Continues to Support Health Care Cybersecurity Efforts

The AHA will continue to work with the hospital field, Congress and the Administration, and other stakeholders to advance and adopt cyber policies that are streamlined, effective and feasible to implement.

And, as the AHA’s national advisor for cybersecurity and risk and a former FBI cyber executive, I want you to know that I provide a variety of cybersecurity offerings to advise and assist health care organizations like yours in mitigating the many cyber and physical risks you face. View the many places I’ve traveled over the past two years as part of my work with AHA members, hospital associations and government officials.

Plus, learn how the exclusive, highly vetted panel of service providers in our AHA Preferred Cybersecurity Provider (APCP) Program can help your organization prepare for, prevent and respond to today’s pressing cyberthreats.

Related News Articles

Headline
OCR launches webpage with HIPAA FAQs on Change Healthcare cyberattack
The Department of Health and Human Services’ Office for Civil Rights April 19 launched a webpage answering HIPAA-related FAQs about the Change Healthcare…
Headline
Agencies issue ransomware alert, guidance for securely deploying AI
U.S. and European agencies April 18 recommended organizations implement certain best practices to protect against the latest versions of Akira ransomware,…
Headline
AHA urges Congress to reject cybersecurity proposal in HHS budget request
In a statement submitted to the House Energy and Commerce Health Subcommittee for a hearing April 17 on President Biden’s fiscal year 2025 Health and Human…
Headline
HHS Deputy Secretary Palm discusses Change Healthcare attack and future of cybersecurity
Department of Health and Human Services Deputy Secretary Andrea Palm addressed AHA Annual Membership Meeting attendees about the Administration’s work to…
Headline
Representative Guthrie discusses cybersecurity, prior authorizations and telehealth
Rep. Brett Guthrie, R-Ky., today addressed attendees of AHA’s 2024 Annual Membership Meeting and touched on many of the biggest issues in health care:…
Headline
AHA testifies at hearing on health care cybersecurity
Testifying April 16 before a House Energy and Commerce Subcommittee on Health hearing on addressing health care cybersecurity vulnerabilities in the wake of…