Warner pushes health care sector on cyber
Sen. Mark Warner (D-Va.) wants to partner with the health care industry to develop a strategy for dealing with an unprecedented wave of cyberattacks over the past year.
Sen. Mark Warner (D-Va.) wants to partner with the health care industry to develop a strategy for dealing with an unprecedented wave of cyberattacks over the past year.
In letters sent Feb. 21 to a dozen health care organizations and associations, Warner notes that the health care sector is a "lucrative" target for ransomware attacks and data theft, problems that will only get worse as hospitals, clinics and other health care organizations continue to digitize medical records and implement new technology.
The increased reliance on technology has "left the health care industry more vulnerable to attack, as the industry has embraced innovation that imbues ever-more products, processes and services with internet connectivity and software-based functionality -- with security and resiliency often an afterthought," wrote Warner.
Cybersecurity experts consistently flag the health care industry as one of the sectors most vulnerable to malicious cyberattack. The industry experienced dozens of large, high-profile hacks, breaches and data exposures in 2018, and last year, cybersecurity company Fortinet said internal data showed the industry experienced twice as many cyber incidents on average compared to other industrial sectors.
In January, the Department of Health and Human Services released new cybersecurity guidance to health care organizations warning that the lack of security standards, increased reliance on connected devices and a push towards digitized records are all contributing factors to a larger attack surface for phishing, ransomware, data theft, insider threats and other targeted attacks against the industry.
Warner said he wants to work with the organizations to develop "a short and long range" strategy for mitigating cybersecurity vulnerabilities in the health care sector. He asked each organization for insight into what protections they currently have in place, whether they can inventory all their connected systems and track if they've installed the latest security patches, what challenges they face recruiting cyber employees and suggestions about laws or regulations for Congress to consider.