HHS' newly released 88-page report on healthcare cybersecurity touches on ways small and medium-sized organizations can improve, according to Medscape.
HHS developed the report as a part of the Cybersecurity Act of 2015.
Here are eight things to know:
1. The task force creating the report was composed of thought leaders from the federal government, hospitals, insurers, patient advocates, security firms, pharmaceutical companies, medical device manufacturers, health information technology developers and laboratories.
2. The report labeled healthcare cybersecurity as a "key public health concern that needs immediate and aggressive attention."
3. The report highlighted six key areas of improvement:
• Streamlining healthcare cybersecurity leadership, government and expectations
• Boosting security of medical devices and health IT
• Ensuring proper resources to prioritize cybersecurity awareness
• Improving cybersecurity awareness and education
• Safeguarding research and development projects as well as intellectual property form attacks
• Promoting information sharing of threats, weaknesses and mitigations
4. The report pinpointed out-of-date systems; healthcare system interconnectivity via the internet; and inability to afford advanced security software as three roadblocks to effective cybersecurity.
5. The task force suggested small and medium practices leverage managed security service providers to avoid hiring professional security personnel.
6. Additionally, practices should transfer their patient records to the cloud.
7. Medical device vulnerability accounted for a good chunk of the report, with the task force recommending device vendors become versed in security risks and relay those risks to customers. Additionally, the report called on vendors to require two-factor authentication for external device access and build a medical computer emergency readiness team to response to incidents.
8. The task force also called on the HHS to hire a healthcare cybersecurity leader, who sets industry standard.