HHS will fund an organization for cybersecurity professionals to exchange information about threats to the healthcare industry's information technology systems.
The goal is to allow healthcare and public health sectors and HHS to share information “about cyberthreats and provide outreach and education that improves cybersecurity awareness,” according to a statement accompanying an HHS request for grant applicants on a federal website. By exchanging information, the statement said, providers and public health agencies will be better equipped to respond to cyberthreats.
The funding level anticipated, $250,000 the first year, with the possibility of an extension to cover a five-year period, is not expected to be sufficient to run the center absent outside financial support.
The money is to come from the Office of the National Coordinator for Health Information Technology at HHS and the department's office of the assistant secretary for preparedness and response.
“This coordinated resource will focus on sharing the most up-to-date threat information across the health and public health sectors and will better equip health systems to identify potential threats and further protect electronic health information,” said ONC chief Dr. Karen DeSalvo.
More than eight in 10 respondents (81%) to a recent Modern Healthcare survey of healthcare executives on information technology issues indicated they expect there will be more cybersecurity attacks in 2016 than there were last year, which was the worse since public records of healthcare data breaches have been kept starting in 2009.
A recent Modern Healthcare analysis of healthcare breach data on the “wall of shame” kept by the Office for Civil Rights at HHS determined that since September 2009, Health Insurance Portability and Accountability Act-covered entities have reported 1,560 medical-record breaches that exposed the records of 500 or more individuals. These breaches compromised the records of 158.3 million individuals. Only about 12% of those breaches involved hacking, but those that did exposed more than 111 million records, federal data show.
Federal funding ought to go to an organization with widespread healthcare industry participation, not just providers, said healthcare data security executive Michael “Mac” McMillian, co-founder and CEO of CynergisTek, based in Austin, Texas.
“It will take both government and private sector as well as both covered entity and business associate participation to create a truly meaningful and relevant threat picture and infrastructure to support its analysis and dissemination,” McMillian said.