The recently enacted American Rescue Plan has made funding available to speed the recovery from the pandemic, while also boosting funding for the Cybersecurity and Information Security Agency (CISA) and the General Services Administration (GSA) to improve IT infrastructure and better protect critical infrastructure against cyber threats. $690 million has been made available to CISA to improve cybersecurity across federal civilian networks, bolster threat information sharing, and tackle the growing ransomware threat.
The recent cyberattack on Colonial Pipeline demonstrated how cyberattacks have potential to affect the lives of millions of Americans. The attack forced the shutdown of its fuel pipeline causing disruption to the delivery of fuel to most of the eastern seaboard. The increased funding for cybersecurity is intended to protect critical infrastructure against these cyberattacks, but no funds have been made available to specifically improve protections for the healthcare sector, even though healthcare has been extensively targeted throughout the pandemic and cyberattacks on healthcare providers have caused disruption to patient care.
The Healthcare and Public Health Sector Coordinating Council (HSCC) recently wrote a letter to President Biden urging him to increase funding to improve protections for the healthcare sector and increase resilience to cyber threats.
“The healthcare industry faces relentless cybersecurity threats that have grown in magnitude and complexity year after year,” explained the HSCC in the letter. “These threats to the technology that is integral to patient care have worsened over the course of the pandemic, especially in the proliferation of ransomware attacks.”
The healthcare industry is a lucrative target for cyber threat actors. Healthcare organizations hold large amounts of highly sensitive patient data, and that information is extremely valuable to cybercriminals. The information can be sold to identity thieves and can be used for a wide range of fraudulent purposes. If healthcare organizations are prevented from accessing patient data, it has potential to cause major disruption to patient care and causes patient safety issues. For this reason, when ransomware is used to prevent access to patient data, ransoms are often paid. For as long as the cyberattacks remain lucrative, they will continue and are likely to increase.
“Cybersecurity incidents are a threat not only to national security, they also jeopardize patient safety, as attacks can cause denial of service, medical device corruption, and data manipulation that directly impact clinical operations, patient care and public health,” explained HSCC.
The Department of Health and Human Services and industry groups have put a great deal of effort into raising awareness of cyber threats and have issued guidance to help healthcare organizations improve their defenses and better protect patients; however, the Biden Administration could be doing more to support the healthcare sector and improve resilience to cyber threats.
“In assessing how the American Rescue Plan, coupled with the recently released Executive Order on Improving the Nation’s Cybersecurity, can measurably strengthen the security and resiliency of the healthcare system and patient safety, we request an enhanced strategic planning process within the administration that will complement the ongoing cybersecurity partnership between the HSCC, the Department of Health and Human Services and other essential government partners,” suggested the HSCC in the letter to President Biden. “As you lead the nation out of the pandemic, put more Americans back to work and increase their access to health insurance, the ability of the healthcare sector to deter cyber threats is imperative for the nation to maintain public health and global competitiveness beyond the pandemic.”