Healthcare Industry Cybersecurity Task Force announced

The Department of Health and Human Services today announced the members of the Health Care Industry Cybersecurity Task Force. Task Force members represent a wide variety of organizations within the health care and public health sector, including hospitals, insurers, patient advocates, security researchers, pharmacy and pharmaceutical companies, medical device manufacturers, health information technology developers and vendors, and laboratories. Many of the members are Chief Information Security Officers or equivalent positions within their organizations, while others have expertise in clinical medicine, software development, information security, and related fields.

The Task Force will hold four in-person meetings over the course of the year. These meetings will be open to the public on a space-available basis. In between in-person meetings the Task Force will meet by teleconference. As these teleconferences will be focused primarily on administrative matters and document preparation, they are not expected to be open to the public.

The Cybersecurity Information Sharing Act of 2015 does not specify a due date for the Task Force report. It is expected that it will be delivered in the next year, as the term of the Task Force expires in March 2017.

Background

From the beginning of the Administration, the President has made it clear that cybersecurity is one of the most important challenges we face as a nation. That is why the Administration has led a broad strategy to enhance the Federal Government’s cybersecurity, including both our defensive and offensive capabilities, to tackle today’s increasingly sophisticated cyber actors. 

While all industries continue to face a growing threat of attacks on their information systems, the size and scope of attacks on health care information systems have accelerated particularly rapidly in the past two years. Health care data may be used for a variety of nefarious purposes, including fraud, identity theft, and disruption of hospital systems. Connected medical devices with cybersecurity vulnerabilities left unaddressed could pose a risk to patient safety.   Security of health care data and medical devices is essential to protecting patients and providing them with the highest level of care.

The Cybersecurity Information Sharing Act of 2015 tasked HHS with the creation of a Health Care Industry Cybersecurity Task Force. Under the Act, the Task Force was to consist of subject matter experts within and outside government, who would be selected by the Secretary of HHS in coordination with the Department of Homeland Security (DHS) and the National Institutes of Standards and Technology (NIST).

Members of the Task Force

Task Force members were selected based on recommendations from a panel of subject matter experts from HHS, DHS, and NIST. The following criteria were used in selecting Task Force members:

• Service in a position of influence in an organization that is representative of a component of the broad health care and public health sector
• Experience in dealing with technical, administrative, management, and/or legal aspects of health information security
• Knowledge of major health information security policies, best practices, organizations, and trends
• Ability to participate actively in Task Force meetings and contribute to Task Force products

The members of the Health Care Industry Cybersecurity Task Force are: