Hill Briefing Highlights Recent Technological Solutions and Areas for Improvement in Health Cybersecurity

Doug Barton, CISSP, Health Chief Technology Officer and Chief Engineer at Leidos

The Healthcare Leadership Council hosted a briefing on Capitol Hill that ventured into the digital aspects of healthcare.  The growth in the number of cyber attacks globally combined with the value of healthcare information has made cybersecurity an issue that is taking on greater prominence in the health industry.    The purpose of this briefing was to clarify the current state of affairs in cybersecurity as well as provide insight into what to expect moving forward, particularly in new-to-healthcare concepts like blockchain, an approach to handling data that gained traction with cryptocurrencies like bitcoin.

Emily Vaughn, blockchain product director for Change Healthcare, explained how blockchains work and their possible uses within a healthcare environment.  The potential for immediate access to shared data and the automatic reconciliation of updates to that data is promising, however the transparency needed for blockchain will limit some of its applicability in the healthcare space.  Cybersecurity solutions will benefit blockchains as they continue to develop in this space.

Doug Barton, Health Chief Technology Officer and Chief Engineer at Leidos, said that the healthcare industry adoption of cybersecurity frameworks is still evolving.  Healthcare organizations struggle to keep up with evolving threats that exist internally, externally, and through partners.  Improving the cyber posture of the U.S. healthcare infrastructure is a national imperative, however assistance is needed through consultative support, additional information resources, and training programs for cybersecurity staff.

Jennings Aske, Chief Information Security Officer for New York-Presbyterian Hospital, described how with 230,000 physician practices, 5,700 hospitals, and 165,000 mobile applications and devices, healthcare has huge cyber “attack surface.”  In most hospitals, the cybersecurity budget is under-funded and under-staffed.  He said government-led technical assistance centers for smaller healthcare providers would help provide the necessary guidance for protection, detection, and recovery from cyber events.