The final report, which was mandated by the Cybersecurity Information Sharing Act of 2016, barely differs from the draft that hit the web in early May (most of the changes were to punctuation). As in the earlier version, the final report sets out six “imperatives” for bolstering cybersecurity, including better information-sharing about threats and developing ways to protect research and development from cyberattacks. The task force called for a new healthcare-specific cybersecurity framework and for amendments to the Physician Self-Referral Law and the Anti-Kickback Statute to make it easier for large health systems assist smaller practices with their cybersecurity.
“Cybersecurity has historically been treated as an IT issue,” Emery Csulak, co-chair of the task force, said during a conference call with reporters. “We want to make sure it’s treated as a patient safety issue.”
Though the report was written before the WannaCry attacks hit computer systems worldwide in May, some of its recommendations are still applicable, HHS said, including “cyberhygiene” and the imperative to keep software updated and patched.
Related content
Rachel Arndt joined Modern Healthcare in 2017 as a general assignment reporter. Her work has appeared in Popular Mechanics, Quartz, Fast Company, and elsewhere. She has MFAs in nonfiction and poetry from the University of Iowa and a bachelor’s degree from Brown.