Healthcare , Industry Specific

How Incentives Could Help Fuel Healthcare Cyber Investment

Healthcare Coordinating Council's Greg Garcia on Federal Moves to Bolster Security
Greg Garcia, executive director of cybersecurity, HSCC

Potential regulatory policy moves by the federal government could help healthcare entities dedicate more resources to bolstering their cybersecurity efforts, says Greg Garcia, executive director of cybersecurity at the Health Sector Coordinating Council.

See Also: Securing Healthcare: Minimizing Risk in an Ever-Changing Threat Landscape

"We've had a number of consultations with the Department of Health and Human Services about how we can better incentivize the healthcare industry to make those appropriate investments that maybe will move the needle toward a higher level of preparedness," he tells Information Security Media Group.

For instance, the Centers for Medicare and Medicaid Services is considering whether it can potentially provide higher Medicare reimbursements as an incentive "to do the right thing in cybersecurity," he says. "If you can show that you are managing the security of medical devices in a more secure way, reimbursement can also be an incentive for that," he says.

Other possibilities include grant programs from HHS, he says. "Perhaps a matching grant to give smaller hospital systems a leg up in terms of investing in Health Information Sharing and Analysis Center membership … or to invest in managed security services," he says.

There have already been moves by Congress and HHS to help encourage healthcare sector entities to beef up their security efforts.

For instance, congressional legislation signed into law in early 2021 amended the HITECH Act, instructing HHS' Office for Civil Rights to consider whether a breached entity has made a good faith attempt to implement "recognized security practices" in the prior 12 months before the agency issues a HIPAA penalty or other enforcement action, he says.

"We think there is a lot that HHS can do," he adds.

In this video interview with Information Security Media Group, Garcia also discusses:

  • Supply chain cyberattack trends;
  • Medical device cybersecurity issues;
  • The top challenges faced by healthcare CISOs and other security leaders.

Prior to joining HSCC, Garcia was the nation's first Department of Homeland Security assistant secretary for cybersecurity and communications under President George W. Bush. He also served as executive director of the Financial Services Sector Coordinating Council and held executive positions with Bank of America, 3Com Corp., the Information Technology Association of America and Americans for Computer Privacy.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.