The Health Care Industry Cybersecurity Task Force today released the final version of its cybersecurity report, calling on the government to write policies that would help healthcare organizations boost their defenses—a need made even more evident after last month's WannaCry ransomware attacks.
The final report, which was mandated by the Cybersecurity Information Sharing Act of 2016, barely differs from the draft that hit the web in early May (most of the changes were to punctuation). As in the earlier version, the final report sets out six "imperatives" for bolstering cybersecurity, including better information-sharing about threats and developing ways to protect research and development from cyberattacks. The task force called for a new healthcare-specific cybersecurity framework and for amendments to the Physician Self-Referral Law and the Anti-Kickback Statute to make it easier for large health systems to assist smaller practices with their cybersecurity.
"Cybersecurity has historically been treated as an IT issue," Emery Csulak, co-chair of the task force, said during a conference call with reporters. "We want to make sure it's treated as a patient safety issue."
Though the report was written before the WannaCry attacks hit computer systems worldwide in May, some of its recommendations are still applicable, HHS said, including "cyberhygiene" and the imperative to keep software updated and patched.