Mark Warner urges health care industry to help in creating ‘national strategy’ for cybersecurity

Healthcare industry stakeholders were urged Thursday to engage with federal lawmakers to help develop a “national strategy” for addressing serious cybersecurity concerns.

Sen. Mark Warner, Virginia Democrat and co-chair of the Senate Cybersecurity Caucus, made the plea in letters sent to more than a dozen groups including the American Hospital Association, the American Medical Association and the Federation of American Hospitals.

“The increased use of technology in health care certainly has the potential to improve the quality of patient care, expand access to care (including by extending the range of services through telehealth), and reduce wasteful spending. However, the increased use of technology has also left the health care industry more vulnerable to attack,” Mr. Warner wrote. “As we welcome the benefits of health care technology we must also ensure we are effectively protecting patient information and the essential operations of our health care entities.”

“I would like to work with you and other industry stakeholders to develop a short and long term strategy for reducing cybersecurity vulnerabilities in the health care sector,” Mr. Warner continued. “It is my hope that with thoughtful and carefully considered feedback we can develop a national strategy that improves the safety, resilience and security of our health care industry.”

Hackers have repeatedly hit targets within the healthcare industry in recent years, in turn causing damage ranging from stealing patient data to disrupting hospital operations.

More than 113 million healthcare records were compromised in 2015, according to the Government Accountability Office, and a study released that same year by Accenture, an international consulting firm, found that similar cyberattacks would cost the U.S. healthcare system $305 billion in a half-decade, Mr. Warner noted.

More recently, a 2017 report from Trend Micro, a Japanese-based cybersecurity company, said that researchers were able to find over 100,000 healthcare devices, including systems, machines and network equipment, exposed directly to the public internet and effectively discoverable by hackers, Mr. Warner recalled.

The letters seek answers ranging from details on the current cybersecurity practices employed by healthcare industry stakeholders, to the recipients’ recommendations for others.

“Has the federal government established an effective national strategy to reduce cybersecurity vulnerabilities in the health care sector? If not, what are your recommendations for improvement?” Mr. Warner asked.

Several healthcare industry stakeholders contacted by Mr. Warner told The Washington Times they planned to work with lawmakers to secure the sector.

“The American Medical Association looks forward to responding and working with Congress to develop a short and long term strategy for reducing cybersecurity vulnerabilities in the health care sector,” the AMA said in a statement. “Cybersecurity is a patient safety issue. Cybersecurity is a national priority and physicians, other health care providers, and patients need tools to secure sensitive patient information in the digital sphere. As clinical adoption of digital medicine tools accelerates with new innovations, and in light of increased public and commercial insurer coverage of digital medicine tools and services, there is increased urgency to advance policies that remedy vulnerabilities in cybersecurity.”

“Hospitals and health systems take seriously the responsibility of protecting patients and their information,” said John Riggi, senior advisor for cybersecurity and risk for the AHA. “As health care providers expand their use of technology to achieve more coordinated care delivery, there is a growing need to evaluate and manage new risks. We will continue to work with Congress and other key stakeholders as we help our members assess the cybersecurity landscape,” he told The Washington Times.

The Federation of American Hospitals did not return a message seeking comment.