The Push for New Healthcare Sector Cybersecurity Legislation
Virginia Democratic Sen. Mark Warner on Improving Healthcare Cybersecurity
Virginia Democratic Sen. Mark Warner, who chairs the Senate Select Committee on Intelligence, says he hopes to gather support for new bipartisan legislation this year to incentivize healthcare sector entities to meet certain minimum cybersecurity standards and tackle other top security concerns.
"It's not going to be any single senator that introduces the bill that gets across the finish line. This is going to have to be a collaboration," he says in an interview with Information Security Media Group.
Warner's office last November issued a 36-page report that examined the state of healthcare sector cybersecurity. It concluded that cybersecurity is a patient safety issue and offered up dozens of policy considerations to potentially help address the industry's long list of challenges (see: Cybersecurity Is Patient Safety, Says US Senator).
The report, which invited public feedback, garnered nearly 100 comments, he says.
Among its proposals was the suggestion that entities participating in Medicare and Medicaid programs be mandated to apply minimum security practices as a standard operating procedure. While industry trade groups - as well as most Republican legislators - generally oppose any prospect of new federal mandates, some healthcare entities appear hungry for more solid direction, Warner says.
"Interestingly enough, I thought this was very telling: A number of smaller hospital systems and even some of the doctor groups said voluntary doesn't work. We got to have some level of mandate," he says.
"I do fear that we are one major cyber health event away from everybody going, 'Holy heck,' and then, potentially, Congress overreacting."
In the video interview, Warner also discusses:
- Why the fragmented health sector cybersecurity leadership structure in the federal government needs revamping;
- Addressing the cybersecurity workforce shortage and the Food and Drug Administration's recently expanded authority over medical device cybersecurity;
- Why it was a mistake to not include interoperability standards requirements years ago as part of the HITECH Act financial incentive program for the "meaningful use" of electronic health records.
Warner was elected to the U.S. Senate in 2008 and reelected to a third term in November 2020. He serves as chairman of the Senate Select Committee on Intelligence and as a member of the Senate Finance, Banking, Budget, and Rules committees. From 2002 to 2006, he served as governor of Virginia. Before entering public office, Warner spent 20 years as a technology and business leader in Virginia and co-founded the company that became Nextel.