On August 18, the Department of Health and Human Services (HHS) issued a Request for Information (RFI) in order to assist its Health Care Industry Cybersecurity Task Force in its effort to improve cybersecurity in the health care industry. The RFI requests relevant and knowledgeable stakeholders provide input to identify risks, gaps, obstacles, and best practices in health care cybersecurity policy.
The Task Force was created in March 2016 by HHS in response to the mandate under the Cybersecurity Information Sharing Act of 2015. The Task Force is comprised of representatives from the health care sector, including hospitals, insurers, patient advocates, security researchers, pharmacy and pharmaceutical companies, medical manufacturers, health IT developers and vendors, and laboratories. As the Task Force’s website explains, “Many of the members are Chief Information Security Officers or equivalent positions within their organizations, while others have expertise in clinical medicine, software development, information security, and related fields.”
The RFI requests responses to the following questions:
- What are the top cybersecurity risks and concerns unique to the health care sector?
- What best practices are currently being employed by other sectors that might help us improve the security of the health care sector?
- What are the biggest gaps and challenges for the development and deployment of medical devices and electronic health records?
- How can the health care sector be better educated with regard to cybersecurity?
- What challenges do health care sector organizations have to overcome in order to share cyber related incidents with a consortium?
Once received, the Task Force will compile the responses for dissemination to health care industry stakeholders, create a federal system for the sharing of cyber threat information, and issue a report to Congress. The Task Force meets monthly, and meetings are open to the public. Please see the Task Force homepage identified above for more information.
Jen Ortega serves as a consultant to EDUCAUSE on federal policy and government relations. She has worked with EDUCAUSE since 2013 and assists with monitoring legislative and regulatory proposals across a range of policy areas, including cybersecurity, data privacy, e-learning, and accessibility.