WASHINGTON, DC – The Subcommittee on Oversight and Investigations, chaired by Rep. Tim Murphy (R-PA), today held a hearing examining the need for greater coordination and leadership on cybersecurity issues across the health care industry, particularly challenges in public-private partnerships.
Full committee Chairman Greg Walden (R-OR) stated, “As technology becomes increasingly integrated with all levels of our health care, cyber threats pose a challenge to the entire sector. Everyone – from the smallest rural hospitals, to large providers and device manufacturers – faces some level of exposure and risk.”
Chairman Murphy gives his opening statement at today’s #SubOversight hearing.
Chairman Murphy highlighted the importance of the health care sector strengthening engagement in public-private partnerships for cybersecurity. Chairman Murphy stated, “Cybersecurity is a collective responsibility and that is why it is imperative that this sector find a way to come together to find a sustainable path forward.”
Mr. Terence M. Rice, Vice President, IT Risk Management & Chief Information Security Officer (CISO) at Merck & Company, Inc., made a series of recommendations in his opening remarks that he suggested could help expand upon existing partnerships and boost collaboration. Among those recommendations were: appoint a health care cybersecurity liaison to the private sector, create an appendix on cybersecurity to agency plans, and facilitate exercises and simulations.
Mr. McNeil testifies before #SubOversight.
Ms. Denise Anderson, President, National Health Information Sharing and Analysis Center, also offered up some key areas where Congress can help in this challenge – education and facilitation of information sharing, better protections for information sharing, clarify the terms “ISAC” and “ISAO” [Information Sharing and Analysis Organizations], and establish cybersecurity professionals as key liaisons.
Mr. Michael McNeil, Global Product Security & Services Officer, Royal Phillips, highlighted the FDA’s role in cybersecurity efforts pertaining to medical devices, saying, “Moreover, the FDA entered into a Memorandum of Understanding with the National Health Information Sharing and Analysis Organization and the Medical Device Innovation, Safety and Security Consortium to promote cybersecurity information sharing for medical devices. These efforts have led to the creation of a medical device-specific information sharing and analysis organization… for medical device manufacturers to submit and share information concerning cybersecurity-related issues, as well as other members of the broader health care ecosystem.”
“This isn’t just about protecting patient data or information – this is about patient safety,” stressed Chairman Murphy.
For more information on today’s hearing, including a background memo, witness testimony, and archived webcast, click HERE.