Healthcare providers and associated administrative businesses have endured a cyberattack onslaught over the past few years. Federal agencies, Congress, State and Local Governments have recognized the risks and have issued regulations and funding to address cybersecurity gaps in the sector. Many think that more needs to be done at the national level. Senator Mark Warner, a longtime champion for taking a robust approach to cyber defense, recently issued a policy discussion white paper titledCybersecurity is Patient Safety: Policy Options in The Health Care Sector(ref 1).
Many healthcare providers struggle to defend their IT and connected healthcare systems from cyberattacks. News reports of attacks that target hospitals, medical insurance providers, pharmacies, and other vital components of the healthcare delivery sector are common. A ransomware attack that disrupted many sites operated by CommonSpirit is still having an impact over a month after the first effects were felt (ref 2).
Critical Insight's H2 2021 Healthcare Data Breach Report (ref 3) is cited in Senator Warner's white paper to support the need to bolster protections across the healthcare cybersecurity sector. Alongside other prominent organizations that provide cybersecurity and healthcare sector data and insights.
What the White Paper Covers
Senator Warner's policy paper aims to spark a national conversation on how we can boost our cyber defenses to protect us all from the scourge of cybercriminals targeting our healthcare systems. The policy document outlines proposals in three broad areas:
Improving Federal Leadership and Our National Risk Posture- The first section outlines the complexity of the current Health Care Cybersecurity Ecosystem across Government and industry. It then discusses how healthcare cybersecurity legislation and governance are currently structured, along with questions and proposed changes to generate feedback on the proposals designed to make the healthcare cybersecurity landscape safer.
Improving Health Care Providers’ Cybersecurity Capabilities through Incentives and Requirements- This section makes the case that protecting patient data from cybercriminals should be seen as critical to patient health and safety as air quality and infection control. Medical safety controls get delivered via regulations that healthcare providers must implement. The white paper makes the case that Congress should extend the basic regulations covering medical best practices to include some minimum cybersecurity hygiene practices.
Recovery from Cyberattacks- The third section of the white paper highlights how long cyberattackers typically have access to IT systems before they get discovered and the impacts this has. It then outlines some suggested mitigating measures plus questions to encourage comment and feedback.
The white paper concludes with a call to action, inviting interested parties to send feedback and suggestions specific to the content and questions outlined, or additional ideas or language for inclusion in eventual legislation, to Senator Warner's office. Everyone with an interest in this area should download, read, and comment back to the Senator's office.
Protect Your Healthcare IT with Critical Insight
Delivering cybersecurity services to protect critical infrastructure and IT systems in organizations such as healthcare providers is why Critical Insight exists. We have decades of experience in our team across the health sector, local government, state government, and private sector critical infrastructure providers. We can provide cybersecurity services and assistance to healthcare providers that cover all their cybersecurity eventualities. Use the form below to contact us to discuss protecting your patients from cyber criminals.
1.Office of Sen. Mark R. Warner: Cybersecurity is Patient Safety: Policy Options in The Health Care Sector. Available as a PDF download from