Cybersecurity

Cyberattacks and threats in the healthcare sector are growing at an unprecedented rate and have crippling implications.  Criminal enterprises are perpetrating major cyber breaches on healthcare industry sectors, hoping to steal, expose, alter, disable, or destroy data, applications, or other critical assets, and forcing critical infrastructure to shut down.  

Perhaps more alarming than the criminal intent and ransom demands behind these attacks are their broad-reaching ramifications. These breaches often cause systemwide outages that lead to significant cross-sector disruption — ransacking the delivery of care, toppling critical supply chains, and endangering patients and communities.  

The main obstacles that our industry confronts include: 
  • Shortsighted reactive proposals that impose more rigid standardized cybersecurity preparations and incident responses, which exacerbate vulnerability by creating a “uniform playbook” that bad actors can further leverage in attacks. 
  • Outdated technology and systems, along with limited financial resources, hinder the ability to upgrade or overhaul security infrastructure. 
  • Pressure to acquiesce to ransom demands to limit exposure and curb the harm to patients in the short term.  
  • Persistent victim blaming threatens irreparable reputational harm to healthcare providers, and disincentivizes transparency in reporting and responding to a cyber incident. 
  • Staffing and financial burdens associated with training the workforce on the use and adoption of, and compliance with, security measures are significant. 
  • Multiple agencies and authorities with overlapping roles and jurisdiction complicate communications to and from the government as entities navigate reporting guidelines, compliance obligations, and opportunities for federal assistance, support, and response following a breach. 

As the healthcare sector looks to address these challenges, HHS should serve as the clear federal entity coordinating and engaging with the healthcare industry to prevent breaches, mitigate disruption, and restore operations. 

Solutions 

HLC is compiling input from cyber experts across the healthcare industry to inform the development of legislation and regulations to strengthen federal cybersecurity. Our efforts aim to help define appropriate incident reporting and provide restoration and resiliency recommendations.  

Specific areas for policy action include: 
  • Providing liability shields and other incentives for timely reporting and consistent communication as organizations respond to a cyber incident. 
  • Educating relevant stakeholders on cybersecurity risks and preventative steps. 
  • Providing federal support to bolster cybersecurity infrastructure and more rapidly implement patching for identified vulnerabilities. 
  • Establishing a public-private partnership to promote best practices that can quickly adapt to meet rapidly evolving security needs. 
  • Unifying reporting requirements and keeping them to a minimum to prevent resource diversion from addressing a cyber breach and resuming critical services. 
  • Collecting data to research cyberattacks and providing support to breached organizations.