Mark Warner seeks to advance information security in the healthcare sector

mark warnerU.S. Sen. Mark Warner (D-VA) wrote to various health care stakeholders to seek input on ways to best improve cybersecurity in the healthcare industry.

In the letters, Sen. Warner, a member of the Senate Finance Committee and co-chair of the Senate Cybersecurity Caucus, pointed to the increasing toll of innovation on information security, expressed concern about the impact of cyber-attacks on the health care sector, and conveyed his desire to work alongside health care entities to develop strategies that strengthen information security.

“The increased use of technology in health care certainly has the potential to improve the quality of patient care, expand access to care (including by extending the range of services through telehealth), and reduce wasteful spending. However, the increased use of technology has also left the health care industry more vulnerable to attack,” said Sen. Warner. “As we welcome the benefits of health care technology we must also ensure we are effectively protecting patient information and the essential operations of our health care entities.”

According to the Government Accountability Office, more than 113 million care records were stolen in 2015. A separate study conducted that same year estimated that the cost of cyberattacks would cost our health care system $305 million over a five-year period. Furthermore, a 2017 report by Trend Micro found that over 100,000 healthcare devices and systems were exposed directly to the public internet, including electronic health record systems, medical devices, and network equipment.

“I would like to work with you and other industry stakeholders to develop a short and long term strategy for reducing cybersecurity vulnerabilities in the health care sector,” Sen. Warner concluded. “It is my hope that with thoughtful and carefully considered feedback we can develop a national strategy that improves the safety, resilience, and security of our health care industry.”

The sensitive nature of medical information makes the health care industry a lucrative target for criminals seeking to profit from personally identifiable information. Medical records often contain private information, including a patient’s social security number, address, and health history. When stolen, this information can be used to conduct identity theft or ransomware attacks.

In order to start a dialogue and gather facts about cybersecurity vulnerabilities, Sen. Warner also asked the following questions:

  1. What proactive steps has your organization taken to identify and reduce its cyber security vulnerabilities?
  2. Does your organization have an up-to-date inventory of all connected systems in your facilities?
  3. Does your organization have real-time information on that patch status of all connected systems in your facilities?
  4. How many of your systems rely on beyond end-of-life software and operating systems?
  5. Are there specific steps your organization has taken to reduce its cybersecurity vulnerabilities that you recommend be implemented industry wide?
  6. One of the imperatives from the Health Care Industry Cybersecurity Task Force Report  is for the sector to “develop the heath care workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities.” To that end, what workforce and personnel challenges does your organization face in terms of security awareness and technical capacity? What steps have you taken to develop the security awareness of your workforce and/or add or grow technical expertise within your organization?
  7. Has the federal government established an effective national strategy to reduce cybersecurity vulnerabilities in the health care sector? If not, what are your recommendations for improvement?
  8. Are there specific federal laws and/or regulations that you would recommend Congress consider changing in order to improve efforts to combat cyberattacks on health care entities?
  9. Are there additional recommendations you would make in establishing an industry wide strategy to improve cybersecurity in the health care sector?

Letters were sent to some of the nation’s largest health stakeholders: the American Hospital AssociationAdvaMedAmerica’s Health Insurance PlansHealthcare Information and Management Systems SocietyAmerican Medical AssociationVirginia Hospital and Healthcare AssociationVirginia Association of Health Plans,National Rural Health AssociationFederation of American HospitalsHealthcare Leadership CouncilHealth Information Sharing and Analysis Center, and Med ISAO.

UVA Basketball Fans!

uva basketball team of destiny
Team of Destiny: Inside Virginia Basketball’s Run to the 2019 National Championship, by Jerry Ratcliffe and Chris Graham, is available for $25. The book, with additional reporting by Zach Pereles, Scott Ratcliffe, and Scott German, will take you from the aftermath of the stunning first-round loss to UMBC in 2018 through to the thrilling overtime win over Texas Tech to win the 2019 national title, the first in school history.

Dick Vitale on Team of Destiny: “This is a hoops story you will LOVE! Jerry and Chris capture the sensational and dramatic championship journey by Tony Bennett and his tenacious Cavalier team. UVA was Awesome Baby and so is this book!”

Ralph Sampson on Team of Destiny: “Jerry and Chris have lived and seen it all, even before my time. I highly recommend this book to every basketball fan across the globe. This story translates to all who know defeat and how to overcome it!”

Buy here.




augusta free press
augusta free press
augusta free press news