Does the Health-Care Industry Have a Handle on Cybersecurity?


Hackers are everywhere these days, whether stealing credit card numbers from Target and Home Depot or holding records hostage in so-called ransomware attacks. The health-care industry has become an especially valuable target for cybercriminals, as evidenced by last month’s WannaCry attack, which shut down 16 hospitals in the United Kingdom. The U.S. health-care market has been spared widespread attacks, but needs to boost cybersecurity and raise awareness, according to a recent public-private report.

The report has the potential to spur change within the health-care industry, Eric Fader, a health-care attorney with Day Pitney LLP in New York, told me. However, Fader said the “understaffed and currently distracted” federal government may not tackle more than a small bit of the report’s long list of recommendations.

Those recommendations include hardening electronic medical devices and health information technology against cyberattacks, boosting data sharing between the public and private sectors on cyber risks, and mandating stronger controls over employee access to medical devices and electronic health records. The report also called for exceptions to the Stark law and the anti-kickback statute that would let health-care organizations help physicians buy cybersecurity software.

The report may make it easier for information technology professionals to garner support and funding to address vulnerabilities in their legacy systems for medical devices and health records, Vanessa Burrows, a health-care attorney with McDermott Will & Emery in Washington, told me.

“The report highlights the need for the health-care industry to view cybersecurity in the context of patient care and patient safety, instead of another issue to be resolved by IT,” Burrows said.

The Health Care Industry Cybersecurity Task Force report was sent to Sens. Richard Burr (R-N.C.), Lamar Alexander (R-Tenn.), and Ron Johnson (R-Wis.), and Reps. Greg Walden (R-Ore.), Michael McCaul (R-Texas), and Devin Nunes (R-Calif.). The task force included representatives from the Department of Health and Human Services, the Department of Homeland Security, and the Department of Defense.
