Security News

HHS Warns Health IT Infrastructure Could Put Patient Data At Risk

Healthcare’s increasing dependence on interconnected health IT infrastructure could put sensitive patient data at risk, warned HHS in its quadrennial National Health Security Strategy.

HHS logo

Source: Xtelligent Healthcare Media

By Fred Donovan

- Healthcare’s increasing dependence on interconnected health IT infrastructure, such as electronic health records and connected medical devices, could put sensitive patient data at risk, warned HHS in its quadrennial National Health Security Strategy released this month.

As healthcare delivery systems become more connected, they also become more vulnerable to cyberattacks like the 2017 WannaCry ransomware attack campaign, the report observed.

The WannaCry attacks targeted vulnerabilities in aging health IT infrastructure systems and unsupported Microsoft software. They disrupted more than 200,000 computers in around 150 countries.

While health IT can improve efficiency and productivity, it can also have consequences for national health security by:

  • Creating dependency on technology that pervades society, requiring investments in defensive backup, anti-virus, and security systems; awareness training; and vigilance
  • Introducing cyber threats characterized by the exploitation of systems for monetary or political gain
  • Accelerating development and availability of various types of weaponry for malicious purposes
  • Generating opportunities for misuse of scientific research and sensitive or classified public health intelligence or information

As a result of these consequences, cyberattacks could damage critical infrastructure that impacts healthcare and public health such as power grids, or target medical infrastructure, significantly affecting patient treatment.

To counter these and other threats, HHS said the federal government is taking a strategy approach to protecting the US healthcare infrastructure from cyberattacks. That approach has three objectives: 1) prepare, mobilize, and coordinate the federal government to support state and local authorities in the event of an attack, disaster, or other public health emergency; 2) protect the United States from the effects of emerging and pandemic infectious diseases as well as chemical, biological, radiological, and nuclear threats; and 3) leverage the capabilities of the private sector.

The private sector will have a major role in responding to attacks against the healthcare infrastructure. The federal government will pursue several initiatives with the private sector, including developing partnerships to create medical countermeasures (MCMs), fostering a resilient medical product supply chain, incentivizing preparedness, and streamlining processes and increasing efficiencies.

MCMs are “pharmaceutical products, such as vaccines, antimicrobials, and antitoxins, and nonpharmaceutical products, such as ventilators, diagnostic tests, PPE, and patient decontamination materials, that may be used to prevent, mitigate, or treat the adverse health effects from a public health emergency.”

In terms of MCM partnerships, the federal government “will implement partnership strategies to ensure MCMs can quickly traverse advanced R&D when no stable commercial market exists. We will leverage innovative public-private partnership models for use for MCM development,” the report said.

The federal government will work with private-sector partners to reinforce the medical product supply chains, explore approaches to geographically dispersed production of healthcare equipment and supplies, and address challenges in transporting healthcare equipment and supplies.

In addition, the federal government will promote preparedness, mitigation, response, and recovery at all governmental levels. It will ensure that preparedness includes primary care and healthcare systems that are not Medicare certified, measures of preparedness are integrated into standards of care, crisis standards of care are understood by healthcare providers, states are encouraged to adopt portability in healthcare professional licensing and reciprocity to insure care can be provided across state lines, and pre-hospital emergency medical services are integrated into healthcare coalitions and preparedness activities.

To streamline processes and improve efficiencies, HHS said the federal government will work to reduce administrative burdens and provide more flexibility to federal grant recipients so they can adapt to threats and challenges, reduce barriers to the healthcare workforce’s ability to respond to incidents, and define roles and responsibilities in public health emergencies and develop efficient interagency and state and local integration to eliminate duplication.

“All levels of government and society have roles to play to improve the nation’s health security. We must strategically strengthen our partnerships with the aim of improving operational effectiveness and building needed capabilities. We must marshal our best minds and best practices to spur innovation to counter emerging risks, some of which we have not faced in our lifetimes,” the report concluded.