The House Committee on Energy and Commerce on cybersecurity in health care recently held a hearing to discuss the need for strong cybersecurity in the health care industry. Framing the issue as a public safety concern, Chairman Tim Murphy stated, “This isn’t just about protecting patient data or information. This is about patient safety.”
While it is most common to consider cybersecurity in the health care industry in the context of patient information confidentiality, the hearing identified two other areas particularly sensitive to cyberthreats.
First, patient information stored online must remain available at all times. Many consumers can remember the Distributed Denial of Service attacks on mainstream websites that occurred in late 2016 or can recall an instance of ransomware. Both of these attacks cause data to become inaccessible for a period of time. If critical patient information is unavailable when it is needed, health care professionals are missing a huge part of patient care.
Second, the hearing also discussed the integrity of patient information. If a hacker can access confidential information and make small changes to it, such as altering the dosage or deleting allergy information, the effects on a patient can vary from harmful to devastating.
As consumers have so aptly learned in recent years, cybersecurity does not discriminate by industry or size of the organization or entity. Health care networks are just as at risk as other companies or agencies. By opening the discussion of the risks up to include the health care industry, the House Committee on Energy and Commerce has again showed the need for all entities to work together to combat cyberthreats.
A full, preliminary transcript of the Hearing is available here.