How Incentives Could Help Fuel Healthcare Cyber InvestmentHealthcare Coordinating Council's Greg Garcia on Federal Moves to Bolster Security
Potential regulatory policy moves by the federal government could help healthcare entities dedicate more resources to bolstering their cybersecurity efforts, says Greg Garcia, executive director of cybersecurity at the Health Sector Coordinating Council.
"We've had a number of consultations with the Department of Health and Human Services about how we can better incentivize the healthcare industry to make those appropriate investments that maybe will move the needle toward a higher level of preparedness," he tells Information Security Media Group.
For instance, the Centers for Medicare and Medicaid Services is considering whether it can potentially provide higher Medicare reimbursements as an incentive "to do the right thing in cybersecurity," he says. "If you can show that you are managing the security of medical devices in a more secure way, reimbursement can also be an incentive for that," he says.
Other possibilities include grant programs from HHS, he says. "Perhaps a matching grant to give smaller hospital systems a leg up in terms of investing in Health Information Sharing and Analysis Center membership … or to invest in managed security services," he says.
There have already been moves by Congress and HHS to help encourage healthcare sector entities to beef up their security efforts.
For instance, congressional legislation signed into law in early 2021 amended the HITECH Act, instructing HHS' Office for Civil Rights to consider whether a breached entity has made a good faith attempt to implement "recognized security practices" in the prior 12 months before the agency issues a HIPAA penalty or other enforcement action, he says.
"We think there is a lot that HHS can do," he adds.
In this video interview with Information Security Media Group, Garcia also discusses:
- Supply chain cyberattack trends;
- Medical device cybersecurity issues;
- The top challenges faced by healthcare CISOs and other security leaders.
Prior to joining HSCC, Garcia was the nation's first Department of Homeland Security assistant secretary for cybersecurity and communications under President George W. Bush. He also served as executive director of the Financial Services Sector Coordinating Council and held executive positions with Bank of America, 3Com Corp., the Information Technology Association of America and Americans for Computer Privacy.