Hurd: Hospitals shouldn't look to government for cyber protection
Rep. Will Hurd offered blunt advice to hospitals as the healthcare industry faces an epidemic of cyber attacks.
Rep. Will Hurd (R-Texas) cautioned health providers that they have to pay attention to cybersecurity.
On the black market, a stolen credit card will fetch maybe $2.
But health records, especially Medicare and other payer information, can be worth hundreds, said Rep. Will Hurd (R-Texas) at a May 10 event hosted by Politico.
Hurd isn't the first to point out that health data is a lucrative target for hackers.
The wave of ransomware attacks targeting healthcare providers is likely to accelerate throughout 2016, and hospitals big and small alike need to ensure they're taking the cybersecurity and information backup steps mandated under the Health Insurance Portability and Accountability Act, said Deven McGraw.
"We do not expect perfection," said McGraw, the deputy director for health information policy in the Health and Human Services Department's Office for Civil Rights. "But we do expect entities to devote resources to security."
Hurd noted that hospitals can eliminate or reduce the financial incentive for hackers using ransomware techniques.
One place Hurd wouldn't recommend looking for help: the government.
"If you're the CEO of a hospital and you're looking to OCR for guidance, you're already behind the curve," Hurd said.
He also said law enforcement lacks the resources to help targeted hospitals. While the feds can beef up information sharing options, Hurd stressed that the healthcare industry needs to take security in its own hands.
And in many cases, such security requires nothing fancy.
"Good basic security should be the platform on which all of this is built," McGraw said.
As Hurd and McGraw both noted, the basics include such commonsense computer hygiene as regular backups and teaching employees not to click on the links in sketchy emails.