The 2016 Omnibus spending package, signed into law by President Obama, includes language seeking to improve information sharing about and protection against cyber threats. CHIME Board of Trustees Chair Charles E. Christian, CHCIO, LCHIME, FCHIME, issued the following statement:
The Cybersecurity Act of 2015, particularly Section 405, recognizes that the healthcare industry faces unique challenges in safeguarding patient information. We believe that the act will not only improve information sharing among key stakeholders, but also help healthcare providers understand and adopt best practices.
A key provision in the law requires the Department of Health and Human Services to convene a task force that will, among other things, analyze how other industries are addressing cybersecurity. The task force will also be charged with assessing barriers that our organizations face in protecting against cyberattacks. The act includes $31.5 million to enable the National Institutes of Standards and Technology to establish the National Cybersecurity Center of Excellence. And, the law will lead to the creation of industry-led guidelines and best practices. Importantly, it extends liability protections to organizations that voluntary engage in information sharing.
Healthcare chief information officers and chief information and security officers are tasked with the daunting job of protecting patient information in a highly digital environment. Threats are evolving and there’s no respite on the horizon. The Cybersecurity Act of 2015 will allow CIOs and CISOs to share threat indicators and suspected vulnerabilities through a secure national information-sharing infrastructure with the necessary liability protections in place and will not risk patient trust. As an important piece of the nation’s critical infrastructure, it is vital that healthcare organizations have the tools and information they need to identify and more effectively defend against growing cyber threats.