Mark Warner urges health care industry to help in creating ‘national strategy’ for cybersecurity

February 22, 2019

Healthcare industry stakeholders were urged Thursday to engage with federal lawmakers to help develop a “national strategy” for addressing serious cybersecurity concerns.

Sen. Mark Warner, Virginia Democrat and co-chair of the Senate Cybersecurity Caucus, made the plea in letters sent to more than a dozen groups including the American Hospital Association, the American Medical Association and the Federation of American Hospitals.

“The increased use of technology in health care certainly has the potential to improve the quality of patient care, expand access to care (including by extending the range of services through telehealth), and reduce wasteful spending. However, the increased use of technology has also left the health care industry more vulnerable to attack,” Mr. Warner wrote. “As we welcome the benefits of health care technology we must also ensure we are effectively protecting patient information and the essential operations of our health care entities.”

“I would like to work with you and other industry stakeholders to develop a short and long term strategy for reducing cybersecurity vulnerabilities in the health care sector,” Mr. Warner continued. “It is my hope that with thoughtful and carefully considered feedback we can develop a national strategy that improves the safety, resilience and security of our health care industry.”

Hackers have repeatedly hit targets within the healthcare industry in recent years, in turn causing damage ranging from stealing patient data to disrupting hospital operations.

More than 113 million healthcare records were compromised in 2015, according to the Government Accountability Office, and a study released that same year by Accenture, an international consulting firm, found that similar cyberattacks would cost the U.S. healthcare system $305 billion in a half-decade, Mr. Warner noted.

More recently, a 2017 report from Trend Micro, a Japanese-based cybersecurity company, said that researchers were able to find over 100,000 healthcare devices, including systems, machines and network equipment, exposed directly to the public internet and effectively discoverable by hackers, Mr. Warner recalled.

The letters seek answers ranging from details on the current cybersecurity practices employed by healthcare industry stakeholders, to the recipients’ recommendations for others.

“Has the federal government established an effective national strategy to reduce cybersecurity vulnerabilities in the health care sector? If not, what are your recommendations for improvement?” Mr. Warner asked.

Representatives for the American Hospital Association, the American Medical Association and the Federation of American Hospitals did not immediately return messages seeking comment.