A task force established by Congress under the Cybersecurity Act of 2015 recently published its report outlining healthcare industry concerns and recommendations to increase awareness and preparation to address cybersecurity threats.

The Health Care Industry Cybersecurity (HCIC) Task Force is comprised of 21 individuals that span a wide range of healthcare IT and cybersecurity expertise. Its report aims to: 

• Define and streamline leadership, governance and expectations for healthcare industry cybersecurity
• Increase the security and resilience of medical devices and health IT
• Develop the healthcare workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities
• Increase healthcare industry readiness through improved cybersecurity awareness and education
• Identify mechanisms to protect research and development efforts and intellectual property from attacks or exposure, and
• Improve information sharing of industry threats, weaknesses and mitigations.

The report acknowledges medical device security challenges and concerns, including the profound impact a medical device hack can have on patient safety and the challenges in moving vendors to update medical device operating systems with critical security patches.  

In support of its stated goals, the report is an important step in recognizing that healthcare IT leadership, the cybersecurity vendor community and state and federal agencies need to work together sharing cybersecurity expertise and real-time threat intelligence.