Harris Health System is the only healthcare system in the nation awarded a $150,000 grant to help the U.S. Department of Health and Human Services (HHS) develop and improve ways to share cybersecurity threat information and protect the critical cyber infrastructure of the nation's public and private healthcare sector.
In February, President Barack Obama signed an executive order directing agencies to tackle the threat of cybersecurity attacks. The order encourages the development of information sharing and analysis organizations (ISAOs) to serve as focal points for cybersecurity collaboration within the private sector and between the private sector and government.
Jeffrey Vinson, vice president and chief information security officer, Harris Health System, said Harris Health is at the "tip of the spear" in terms of cybersecurity noting the cyber-threat intelligence it receives and sees can be leveraged to help others nationwide secure sensitive healthcare and patient information.
"Over the past decade, healthcare stakeholders have implemented a health information technology infrastructure to access, send and receive electronic health data," he said. "However, unlike other industries such as finance, which have already been transformed by technology, many healthcare organizations have not invested sufficiently in robust IT security measures that can protect and encrypt health data in electronic health record systems, interfaces, repositories, databases, connected medical devices and personal devices."
Between 2010 and 2014, news agencies have reported that approximately 37 million healthcare records have been compromised in data breaches. However, in the first four months of 2015 alone, more than 99 million healthcare records have been exposed through 93 separate attacks. The trend seems to be increasing, Vinson said.
"Through this grant, Harris Health System will identify the cybersecurity information needs and gaps of hospitals and other healthcare organizations across the country," said Steve Curren, director of the critical infrastructure protection program in the U.S. Department of Health and Human Services' office of the assistant secretary for preparedness and response.
Harris Health "will propose a strategy for enhancing the sharing of cybersecurity information among the federal government and private sector partners to better protect the critical cyber infrastructure of the nation's healthcare system," he added. "This planning grant represents a preliminary step toward future activities that HHS may undertake to work with and support information sharing and analysis organizations focused on the healthcare and public health sector."
"A strong cyber defense strategy should address how to prepare and monitor attacks, respond and ultimately recover from breaches," Vinson says. "At a minimum, security architecture across sectors should be able to stall adversarial efforts, thwart attacks at each phase and facilitate a rapid response."
The one-year grant begins later this month.
New national dataset maps how far Australians must drive to reach essential healthcare services