The healthcare sector in the U.S. is in critical condition and in dire need of an overhaul to address widespread and systemic information security weakness that puts patient privacy and even safety at risk, a Congressional Task Force has concluded.
The report, released to members of both the U.S. Senate and House of Representatives on Friday, concludes that the U.S. healthcare system is plagued by weaknesses, from the leadership and governance of information security within healthcare organizations, to the security of medical devices and medical laboratories, to hiring and user awareness. Many of the risks directly affect patient safety, the group found. It comes amid growing threats to healthcare organizations, including a ransomware outbreak that affected scores of hospitals in the United Kingdom.
The final report by the Health Care Industry Cybersecurity Task Force [PDF] is a call to arms for the healthcare sector, featuring more than 30 pages of recommendations and "imperatives," some of which are bound to be the source of controversy. Among other things, the report calls for the creation of a leader role within the Department of Health and Human Services (HHS) focused on cyber security.
[...] The report describes the U.S. healthcare system as a "mosaic" of large health systems, single physician practices, public and private payers, research institutions, and medical device and software companies. The U.S. healthcare sector serves a diverse and widespread patient population, often through small practices and rural hospitals. The complexity of the system introduces risk and complicates the job of establishing comprehensive cyber security standards.
[...] The report comes amidst a dawning recognition that the nation's biomedical infrastructure is highly connected and vulnerable, said Dale Nordenberg, the Executive Director of the Medical Device Innovation, Safety and Security Consortium.
[...] To tackle the problem, Congress needs to take a holistic approach, notes Fernando of Underwriters Laboratories. "We're not dealing with siloed and vertical industries. There's a lot of cross-cutting." Funding from the federal government won't solve the problem alone, but federal money can promote activities that, over time, will result in public sector and industry action to improve cyber security, he said.
(Score: 0) by Anonymous Coward on Friday June 16 2017, @01:25AM (2 children)
The gubmint is going to be involved - more.
Things will only get worse.
(Score: 0) by Anonymous Coward on Friday June 16 2017, @02:01AM (1 child)
Yep. I voted for politicians who want government to get worse, so I'm happy it's getting worse! Got what I voted for!
(Score: 2) by c0lo on Friday June 16 2017, @08:07AM
Cool.
The corporations will cry the govt has to do something on cybersecurity, otherwise the costs of doing it themselves will be eating away from their profits.
Guess what will be the results? Your medical info is fair game for anyone, Albanian hackers included.
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 0) by Anonymous Coward on Friday June 16 2017, @01:39AM
No body needs mah murdical records cept mah dockter.
(Score: 2) by kaszz on Friday June 16 2017, @07:11AM (3 children)
Government bureaucrats [x]
MBAs [x]
PHB [x]
Lawyers [x]
Narcissists [x]
These people do many things. Solving problems doesn't seem like being one of them.
Diagnosis: Will not be solved!
(Score: 2) by c0lo on Friday June 16 2017, @08:09AM (1 child)
You forgot the "Increased cost of doing business [X]" to support your diagnosis.
https://www.youtube.com/watch?v=aoFiw2jMy-0
(Score: 2) by kaszz on Friday June 16 2017, @03:33PM
I.e. because it will increase the cost (short term) of doing business, it will not be done?
Sounds like a perfect match for MBAs ;)
(Score: 0) by Anonymous Coward on Friday June 16 2017, @03:55PM
Next time I see my country MD, I'm going to suggest he turn in his license and become a quack. I'd be happy to stay with him on a cash basis for all the simple stuff... He could charge $100/hour and make house calls if he didn't have to deal with all of the paperwork (which now takes 2-3 people in his office). For simple medical history of people that are basically healthy, paper charts that the doc can fill out himself quickly will be just fine.
Not sure what he could do about the lack of malpractice insurance?
(Score: 1) by jshmlr on Friday June 16 2017, @03:37PM (1 child)
The majority of systems used by Accountable Care Organizations (ACOs, the big "groups" of hospitals and providers) are architected by a small number of manufacturers and software vendors.
In most cases, ACOs just do their systems planning around these vendors' recommendations, and do very little thinking for themselves. While there are regulations that systems need to meet (especially around proper data collection and medical coding for reimbursement by insurance companies and Medicare/aid), they're generally weak around security, especially at the infrastructure level.
Since these ACOs take a back seat to the vendors and manufacturers, and since Data Breach Insurance is often cheaper than properly maintained systems, and since health care in the US isn't affected by market forces in the way that businesses are, there is simply no impetus to "do the right thing" here.
Unfortunately, this means that more regulation is the only viable prescription at this point.
Need nothing, then see what happens.
(Score: 1, Interesting) by Anonymous Coward on Friday June 16 2017, @08:02PM
systems used by Accountable Care Organizations (ACOs, the big "groups" of hospitals and providers) are architected by a small number of manufacturers and software vendors
...and their coders seem to do things in a single-platform way.
...and their apps are all closed-source, of course.
To get away from the easily-pwned OS, one wonders (relative to repeatedly purchasing licenses for Windoze and the apps) how much it would cost to:
- Write a spec for the app(s).
- Hire folks who can do Open Source cross-platform app development.
- Create FOSS replacement app(s).
- Switch the facilities to an Open Source, less vulnerable OS.
N.B. Munich said that they saved millions by switching away from Windoze to FOSS.
The recent instances of Windoze ransomware have the Green Party in Germany noting that the proposed switch back to Windoze is quite stupid.
(This on top of how expensive it would be.)
-- OriginalOwner_ [soylentnews.org]