Why not? The feds blew $39bill on the HiTech Act and look at what we got. An Epic world with a shaky follow on called Oracle/Cerner. The feds should have just bought Epic for $39bill and installed Epic across the board. Would have saved a ton of wasted money. So what's another couple of billion to be wasted on cyber problems!
KRS - 6 months ago
I said no because the federal government should focus more on the what, not the how. If a healthcare system fails to protect itself to the point where a foreign (or domestic) bad actor can expose their patients' data and bring down their electronic systems...for months...then the healthcare system needs to be held accountable.
Kate Pierce - 6 months ago
There are amazing tools already available to defend against cyber attacks. The government should instead focus on ensuring that organizations are using available tools (aka mandates) and provide funding for non-profit, underserved organizations such as CAHs, FQHCs, RHCs, nursing homes, etc. that cannot afford the resources (tools, personnel, etc.) to properly protect their networks. The Cybersecurity Act of 2015 created a task group (405d) to provide recommendations and guidance to the health sector - while it's great and has provided amazing tools, these smaller, under-resourced organizations have not been able to prioritize cybersecurity for a number of reasons. I would vote to make the healthcare CPGs required, and then fund the smaller organizations to be able to afford to implement them. We don't need more tools.
Paul Anderson - 6 months ago
Aside from the kneejerk reaction that the last thing healthcare in the US needs is more federal regulation, this is a crisis and something has to be done. To truly fix it will probably take many billions, not millions, a federally mandated patient ID, strict no-pay regulations, mandated DR/BR (probably federally supported and/or managed), recovery assistance and as Bill suggested, actually going after the perpetrators (unlikely as that seems to getting China and Russia on board with that, much less North Korea). And we're going to have to get Epic, Oracle and about 200 other critical vendors on board. But the alternative is the status quo where we're incredibly vulnerable and it's only a matter of time to where we suffer a coordinated attack that shuts down a good chunk of our healthcare system and people literally die because of it.
Bill Spooner - 6 months ago
Fed money would be better directed to global efforts to ferret out the bad actors, not funding activity that is the health system responsibility but underfunded. Organizations make strategic choices, one should be in adequate cyber protection rather than passing the buck to taxpayers.
JT - 6 months ago
I was initially inclined to say No, but then thought if the Feds don’t, it’s like some organizations either won’t or can’t and it’s the patients who will be most affected. We’re already seeing how they are with the Ascension hacking. I surely don’t want to go through any of that! Can I trust that my hospital system is doing everything they should???
Ralphie - 6 months ago
I said yes with a major caveat. There are definitely needs to strengthen the security posture in protection of healthcare entities. There are already good tools available in the market. This money needs to be spent to augment existing tools and provide benefit to those organizations that lack the funding to implement best in class solutions.
We work on a project that supports FQHCs with health IT adoption, including cybersecurity. We are interested in opportunities for federal funding due to the outsize impact these events can have on health centers, especially smaller ones. We have been investigating opportunities within funding, such as FTCA, to assist in preventive measures vs just for legal response.