Rachel Klemovitch, Assistant Editor03.01.24
The Healthcare and Public Health (HPH) Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) has published its five-year “Heath Industry Cybersecurity Strategic Plan” (HIC-SP).
This addresses operational, technological, and governance challenges of significant healthcare industry trends over the next five years. HIC-SP also urges healthcare organizations to implement cybersecurity programs to address these issues.
HIC-SP is designed to advise C-suite executives, security leaders, and government agencies on implementing cybersecurity goals against threats. Cybersecurity incidents involving patient safety, care operations, and data privacy are increasingly frequent in the health sector and can lead to legal, financial, reputational, and regulatory risks.
HSCC Cybersecurity Working Group Chairman Erik Decker, CISO for Intermountain Health, said: “The Health Industry Cybersecurity Strategic Plan recognizes that cybersecurity for the health sector is a shared responsibility among all HPH stakeholders, including medical device manufacturers, pharmaceuticals, healthcare delivery organizations, health plans and payers, and government policymakers.” Decker added that “the Plan also applies to third party technology and service providers which continue to pose significant risks to the health system.”
This program was developed over 18 months by the Cybersecurity Working Group and its government partners. In preparation for the next five years, HIC-SP was structured to upgrade the diagnosis of healthcare cybersecurity from “critical” to “stable condition” by 2029 through measurable goals.
These conditions state:
This begins the second phase of the HSCC’s program in developing a set of measurable outcomes and appropriate metrics for success.
This addresses operational, technological, and governance challenges of significant healthcare industry trends over the next five years. HIC-SP also urges healthcare organizations to implement cybersecurity programs to address these issues.
HIC-SP is designed to advise C-suite executives, security leaders, and government agencies on implementing cybersecurity goals against threats. Cybersecurity incidents involving patient safety, care operations, and data privacy are increasingly frequent in the health sector and can lead to legal, financial, reputational, and regulatory risks.
HSCC Cybersecurity Working Group Chairman Erik Decker, CISO for Intermountain Health, said: “The Health Industry Cybersecurity Strategic Plan recognizes that cybersecurity for the health sector is a shared responsibility among all HPH stakeholders, including medical device manufacturers, pharmaceuticals, healthcare delivery organizations, health plans and payers, and government policymakers.” Decker added that “the Plan also applies to third party technology and service providers which continue to pose significant risks to the health system.”
This program was developed over 18 months by the Cybersecurity Working Group and its government partners. In preparation for the next five years, HIC-SP was structured to upgrade the diagnosis of healthcare cybersecurity from “critical” to “stable condition” by 2029 through measurable goals.
These conditions state:
- Healthcare cybersecurity, both practiced and regulated, is reflexive, evolving, accessible, documented, and implemented.
- Secure design and implementation of technology and services across the healthcare ecosystem is a shared and collaborative responsibility.
- Leaders in the healthcare C-Suite embrace accountability for cybersecurity as an enterprise risk and a technology imperative.
- A cyber safety net promotes cyber equity among under-resourced health organizations across the ecosystem.
- Workforce cybersecurity learning and application is an infrastructure wellness continuum.
- A “911 Cyber Civil Defense” capability to provide early warning, incident response, and recovery is reflexive and always on.
This begins the second phase of the HSCC’s program in developing a set of measurable outcomes and appropriate metrics for success.