Cyber Health Advocacy – Patient Safety and Sector Resilience

Our nation’s health sector cybersecurity preparedness is dismal, and progress is slower than the actions and capabilities of those parties who would cause us harm, the consumers and patients of health and care systems. This lack of preparedness leaves our public safety and national security systems/infrastructure exposed to increasingly sophisticated means of cyber exploitation. It is imperative that we establish a the right balance of incentives, with baseline requirements and workforce assistance to improve the health sector and our nation’s security posture.

The health sector is replete with challenges including pandemic induced revenue losses, professional labor shortages and discord, prolific growth in digital health alongside aging-out disparate technologies, and risk exposures to open-door attack surfaces.  First Health Advisory upholds the need for consensus-centered imperatives and advocates care in not placing undue fiscal burden on health entities.  Cyber Resilience is Patent Safety is a shared journey of moving these initiatives forward to better prepare healthcare entities and protect those they serve.   

First Health Advisory’s is a vocal advocate for cybersecurity legislation or executive actions for the greater good of our sector. We believe that the following critical actions should be at the heart of any forthcoming policies and legislation:

• A national cybersecurity system that promotes resilience and cross-sector collaboration with aligned standards.
• A national commitment from the public and private sectors that involves investment by individual entities and the federal government toward a strong infrastructure and workforce.
• A national commitment that draws upon and includes experts and policymakers from all sides of this issue.

Federal Cybersecurity Funding Program

• First Health Advisory advocates that health organizations be incented to meet minimum viable cybersecurity standards (baseline) coupled with fiscal assistance. In addition, baseline phased requirements should include demonstration of these capabilities and others as governed by HHS and the Government Cybersecurity Working Group under the Framework of the Government Coordinating Council (GCC).
• First Health Advisory implores lawmakers to set and raise the bar for cyber hygiene, awareness, and preparedness with investment motivation for qualifying health entities. Support should be available to all provider organizations, including IDNs, hospitals, clinics, dentistry, mental health, urgent care, virtual/digital health, alternative care delivery, community health, wellness, and health plan entities, regardless of size and scale.

Workforce Development Assistance

• First Health Advisory asks Congress for a commitment to developing people competencies and capabilities in healthcare cybersecurity disciplines and across workforce domains.

Regulatory Advancement

• First Health Advisory advocates for recalibrating cybersecurity regulation in consultation with health industry stakeholders and regulators (OCR, ONC, CMS, FDA), mandating current voluntary requirements in support of a stronger health sector security posture and patient safety advances.