In its plans to combat destabilizing cybercrime and cyberterrorism, the Biden Administration has proposed a roughly 40-page national cybersecurity policy, according to the American Hospital Association and HITRUST.
Healthcare stakeholders have called for concerted federal government action in response to waves of ransomware attacks on hospitals as well as healthcare facilities, making clear assertions about the sophistication of cybercriminals in their requests.
In the National Cybersecurity Strategy report, which was released on March 1, 2023, President Joe Biden stated that by collaborating with allies across the world, the United States is prepared to tackle these cybersecurity issues.
Sen. Mark Warner expressed his delight in the Biden administration’s prioritization of the coordination of cyber incident reporting requirements as well as its renewed focus on safeguarding Americans’ safety and private medical information as cyberattacks on the healthcare systems become more frequent and aggressive.
In November 2022, Warner published a cybersecurity policy options paper with a patient safety focus that covered the national risk posture, federal leadership, requirements for recovering from cyberattacks, and incentives for the private sector that could enhance healthcare cybersecurity capabilities.
The hospital system has partnered extensively with lawmakers as well as federal agencies to confront the seriousness of this national security danger to the public’s health and safety, according to John Riggi, the national risk and cybersecurity advisor for the AHA.
He stated in a statement that the AHA applauds the Biden Administration for its comprehensive national cybersecurity strategy, which understands that private sector efforts alone are insufficient to tackle the serious cyber dangers the country faces.
Cybersecurity is a key issue because healthcare cyberattacks are serious crimes that put people’s lives in danger and impede the delivery of healthcare. Since 2020, the AHA has pushed the federal government to implement strategies resembling those employed in the war on terrorism, employing all available national resources to thwart and eliminate criminal actors with overseas bases.
According to Riggi, the strategy seeks to execute more offensive operations against cyber threat actors to create software security criteria for software developers, in addition to designating ransomware assaults as a national security issue.
Riggi added that the AHA will keep collaborating with the hospital industry, Congress, the administration, and other stakeholders to create and approve cyber policies that are simple to use, efficient, and doable to put into practice.
The national strategy is an ambitious project, according to Robert Booker, chief strategy officer for one of the standards development and assurance groups. He further said that the use of market forces is crucial.
They support strategies that encourage American businesses to use and integrate mature security capabilities from the private sector and that use open, regularly updated measurement as well as assurance systems to gauge or sustain security capacities in the face of constantly changing threats as the federal government moves towards mandating critical infrastructure cybersecurity, Booker said in a statement.
Warner continued, saying he is glad to see the Biden Administration promoting the kinds of best practises they have long called for, like developing and bolstering strong business relationships, investing in the long-term security of the country’s critical infrastructure, being proactive about developing strong cybersecurity foundations, as well as meeting crucial standards. Riggi stated in December last year that there was still much to be done to improve the government’s ability to communicate real-time automated threat indications.
When foreign-based opponents who are protected by hostile nation-states attack, they can only take so much defensive action. In a conversation that also covered Warner’s policy alternatives paper, Riggi stated that the other half of this equation is a vigorous offence by the US government to go after these people.
Warner’s paper made a lot of recommendations for governance but also urged for a well-balanced strategy with duties shared by the public and private sectors.
As cyberattacks on the healthcare systems increase in frequency and aggressivity, he is particularly pleased to see the administration’s heightened emphasis on safeguarding sensitive medical data and American citizens’ safety, Warner added in his statement.
According to Booker, cybersecurity and business leaders throughout American industry are taking seriously the complexity of state and non-state actors, as well as criminal activity that exploits the technology that Americans use every day.
