October is National Cybersecurity Awareness Month, which provides us in the public health emergency management community a time to think about how we prepare for and respond to cybersecurity incidents within the context of all hazards. One thing has become increasingly clear over the past several years: cybersecurity is not just an IT problem. It also is a patient safety issue and it is increasingly an emergency management issue. This year healthcare organizations throughout the nation have been hit by an unprecedented round of ransomware attacks, which have temporarily incapacitated critical functions within hospital systems and led to disruptions in normal operations. These attacks have led facilities to implement emergency management plans, stop taking new patients, and cancel elective procedures. Responding to cybersecurity attacks has required close coordination among emergency managers, IT managers, healthcare staff, and law enforcement agencies to bring systems back on-line while mitigating the impacts of the attacks on patient care.
Two public events next week will showcase the work that ASPR and our HHS and other Federal Government, state, local, and private sector partners are undertaking to promote patient safety by promoting effective cybersecurity through two different bodies: the Healthcare and Public Health Sector Coordinating Council and the Health Care Industry Cybersecurity Task Force.
On October 24 and 25, the ASPR Critical Infrastructure Protection Program will host the annual partnership meeting of the Healthcare and Public Health Sector Government Coordinating Council and Sector Coordinating Council. This year’s meeting will focus on resilience, risk and reward within the critical infrastructure of the U.S. healthcare and public health sector, including a session-specific track focused on cybersecurity. The cybersecurity track will feature discussions on issues related to the management of cybersecurity threats, recent policy developments, information sharing coordination, and other topics that can help you prepare for, respond to and recover from a cybersecurity attack. The Healthcare and Public Health Sector Government Coordinating Council and Sector Coordinating Council represents private sector interests and perspectives in the public-private effort to protect the national healthcare infrastructure. Made up of representatives, organizations, trade associations, and professional societies who operate within the healthcare sector, the Council works to meet the specific needs of owners and operators and to inform and influence government policy and action with regard to infrastructure protection.
On October 26, 2016, Health Care Industry Cybersecurity Task Force will hold its third in-person meeting, which will focus on cybersecurity information sharing activities within the Federal Government and private sector. The meeting will include panel discussions on the Federal approach for healthcare industry cybersecurity and on commercial sector information sharing. HHS established the Health Care Industry Cybersecurity Task Force under the Cybersecurity Information Sharing Act of 2015 to bring together subject matter experts to provide recommendations for increasing healthcare industry cybersecurity in light of recent threats.
Registration is open for both events. See below for registration details:
We hope that you can join us to exchange ideas on improving cybersecurity and information sharing. By working together across industry, government and academia, we can find better solutions to cybersecurity challenges, improve information sharing, and decrease financial and health risks.
