HAP's Latest News

A Growing Effort to Strengthen Health Care Cybersecurity

April 13, 2022

Lawmakers, information technology experts, and health system leaders across the country are responding to the elevated risk of cybersecurity breaches.

Reports to the U.S. Department of Health and Human Services indicate more than a million people every month were affected by data breaches at health care organizations during 2020. Nationally, lawmakers and federal regulatory agencies are warning the health care community to be on heightened alert to potential cybersecurity threats stemming from Russia’s invasion of Ukraine.

As the nation grapples with a growing cybersecurity threat, several federal regulatory and legislative initiatives have launched recently:

  • The Healthcare Cybersecurity Act:  Introduced last month, this legislation aims to foster collaboration among federal departments, improve information-sharing, and provide training to the health care and public health sectors.
  • The Patch Act:  On March 31, the Protecting and Transforming Cyber Health Care (PATCH) Act was introduced in the U.S. Senate. The legislation would implement cybersecurity requirements for medical devices at the pre-market stage and bolster security throughout the lifecycle of the device, among other changes.
  • Supply Chain Risk Management:  The National Institute of Standards and Technology has released a request for information through April 25 related to the nation's cybersecurity framework and cybersecurity supply chain risk management.
  • New Draft Guidance on Medical Devices:  The U.S. Food and Drug Administration last week issued new draft guidance to improve cybersecurity for medical devices through their lifecycle. The agency is accepting comments on the guidance through July 7.

The need for strong cybersecurity controls will only increase with health care's transition to more digital, network-connected systems, the medical device draft guidance notes.

“In addition, cybersecurity threats to the health care sector have become more frequent and more severe, carrying increased potential for clinical impact,” the draft guidance on medical devices said.

HAP continues to monitor trends in cybersecurity and provide updates and guidance to members. For more information about cybersecurity, contact Jason Tomashunas, MS, CHEP, HAP manageremergency management.