HSCC to Biden: Invest in Healthcare Cybersecurity, Partnerships

Through the American Rescue Plan, HSCC urges the Biden Administration to make similar investments in healthcare cybersecurity partnerships to improve the sector’s cyber posture.

The Healthcare and Public Health Sector Coordinating Council is urging the Biden Administration to invest in a structured healthcare cybersecurity partnership through the American Rescue Plan, to further ongoing efforts to improve the sector’s cyber posture.

An enhanced strategic planning process coupled with ongoing cybersecurity stakeholder partnerships will strengthen the US healthcare system’s security and resiliency, according to an HSCC letter to President Joe Biden.

The investments will also better support a “health sector otherwise stretched to its limits to meet its clinical and public health obligations.”

HSCC’s Joint Cybersecurity Working Group is a private-public partnership of healthcare companies and providers, which includes more than 300 medical device and health IT companies, direct patient care entities, and a host of others.

In the last few years, the group has made valiant efforts to bolster the sector’s cybersecurity through educational initiatives, free resources and guides, and other collaborative efforts.

As efforts of the Department of Health and Human Services, HSCC, and other industry leaders continue to bolster the sector’s security posture and better protect patient safety, the Administration must better support the healthcare sector to improve critical infrastructure security.

HSCC noted that these insights align with the Administration’s recent efforts to bolster the country’s cybersecurity posture.

“The healthcare industry faces relentless cybersecurity threats that have grown in magnitude and complexity year after year,” HSCC leaders explained. “These threats to the technology that is integral to patient care have worsened over the course of the pandemic, especially in the proliferation of ransomware attacks.” 

“Cybersecurity incidents are a threat not only to national security, they also jeopardize patient safety, as attacks can cause denial of service, medical device corruption, and data manipulation that directly impact clinical operations, patient care and public health,” they continued.

These critical threats will continue to be lucrative targets for threat actors, especially as subsequent social engineering attempts remain lucrative attack methods for nation-state actors.

The letter comes on the heels of recent administration moves to bolster transparency, threat sharing, and funding of cybersecurity measures for critical infrastructure.

Following the SolarWinds supply-chain hack, the White House deployed a ransomware task force to tackle these widespread attacks, often tied to nation-state advanced persistent threat actors.

In recent moves, the Biden Administration reported it will now consider ransomware attacks as equal threats to terrorism, while urging private sector entities to prioritize defense against ransomware and other attacks.

Further, the Department of Justice took immediate action to require all Attorneys General to better report events to federal agencies tasked with investigating ransomware events.

To HSCC, President Joe Biden’s Executive Order focused on cybersecurity and the recently enacted American Rescue Plan failed to earmark funds or research directly for the healthcare sector, which is a missed opportunity.

Of particular note, the Administration’s infrastructure plan aims to build resilience for essential services, including community health and hospitals. HSCC urged Biden to include a planning process in future plans for the health sector that focuses on policy and resources.

The overall goal would be to create specific programs to facilitate a collaborative, public-private partnership to strengthen the country’s healthcare cybersecurity.

While the Biden Administration is currently working on hardening the electrical power system in the US against cyber threats after recent critical infrastructure attacks, the HSCC believes that a comparable program is needed for the healthcare sector.

Particularly after the pandemic year, it’s imperative that collaboration become a keystone of the country’s cybersecurity efforts. The healthcare sector has made progress on bolstering its security posture in recent years, but is still not keeping pace with the threat landscape.

In fact, small- and medium-sized providers and critical access hospitals are continuing to fall behind. The sector needs enhanced federal programs and engagement to make progress, explained HSCC.

“The Colonial Pipeline ransomware attack, the power outages resulting from the winter storms experienced in Texas earlier this year, and the impact the long-term lack of electricity had on hospitals, COVID-19 treatment and COVID-19 vaccination, are stark reminders of how interconnected the healthcare sector is with other critical sectors like power, water and communications, and how robust cybersecurity management is critical to the operational continuity and resiliency of our national critical functions,” HSCC explained.

“As you lead the nation out of the pandemic, put more Americans back to work and increase their access to health insurance, the ability of the healthcare sector to deter cyber threats is imperative for the nation to maintain public health and global competitiveness beyond the pandemic,” they continued.