Inside CHIME: Staying Focused on Cybersecurity

4.13.16 by Matthew Weinstock Director of Communications and Public Relations, CHIME

Highly public ransomware attacks have put healthcare in the spotlight. CHIME and AEHIS continue to actively engage industry stakeholders and policymakers in efforts to share information about cybersecurity.

There’s no denying it — the recent spate of ransomware attacks have put healthcare in the national spotlight. From the front page to Capitol Hill, there’s interest in knowing how healthcare organizations are shoring up their defenses. And while ransomware is the topic of the day, it’s important to take a step back and remember that it is only a subset of the broader cybersecurity threats facing the industry.

With that larger picture in mind, CHIME and its affiliate, the Association for Executives in Healthcare Information Security (AEHIS), are engaged in efforts to increase information sharing across the industry and with policymakers. On that latter point, CHIME board members David Finn and Theresa Meadows, R.N., were recently named to Department of Health and Human Services’ Health Care Industry Cybersecurity Task Force. The 21-person task force is mandated by the Cybersecurity Information Sharing Act of 2015 and is charged with analyzing the unique challenges and barriers to cybersecurity in healthcare. It is slated to report to Congress within a year. Additionally, CHIME and AEHIS in February submitted comments to the National Institute of Standards and Technology on its “Framework for Improving Critical Infrastructure Cybersecurity.”

From a member outreach and education perspective, CHIME has a handful of LEAD Forums slated for 2016 focused exclusively on cybersecurity. During these day-long events, attendees will learn from a panel of experts about the keys to building an effective cybersecurity strategy. Additionally, the AEHIS staff has complied a number of external resources that may prove valuable as CIOs and CISOs revisit their plans, including:

• Healthcare and Public Health Sector-Specific Plan: This 2010 document complements that National
  Infrastructure Protection Plan, but focuses on the unique challenges facing healthcare.
• NIST Framework to Reduce Cyber Risks to Critical Infrastructure: The framework contains standards,
  guidelines and practices for protecting critical infrastructure.
• Critical Infrastructure Cyber Community Voluntary Program: Among other things, the so-called C3 program
  helps stakeholders understand the national cybersecurity framework and is a venue for providing feedback.

CHIME and AEHIS members can log in here for the full list of resources.

More Inside CHIME Volume 1, No. 15:

• CHIME Members Honored As Most Powerful Women in Health IT – Matthew Weinstock
• This Week’s Washington Debrief (4.11.16)