Health leaders push feds for cybersecurity requirements
U.S. hospitals operate with minimal to no cybersecurity programs and face a bevy of challenges from staffing to COVID pandemic-related strains. These concerns prompted healthcare leaders to press legislators for federal incentives and new mandates for base-level cybersecurity standards.
Kate Pierce, Fortified Health Security’s senior virtual information security officer, outlined the current challenges facing healthcare at the Homeland and Governmental Affairs Committee on Thursday.
Under current regulations, healthcare delivery organizations are required to comply with the Health Insurance Portability and Accountability Act. The trouble is the Security Rule has just 42 controls, compared to the NIST Cybersecurity Framework employed by most industries — except healthcare.
And despite the minimum standards, a September 2020 CynergisTek report showed that just 76% of healthcare providers comply with the rule. These security gaps have left the industry with a heightened threat landscape, further compounded by a reliance on legacy platforms and an ever-expanding device inventory.
