In an effort to better equip healthcare organizations to combat cyber-attacks, the College of Healthcare Information Executives (CHIME) today announced the creation of the CHIME Cybersecurity Center and Program Office. The center will lead efforts to improve information sharing, develop and spread best practices, and encourage greater collaboration across the industry and with federal agencies.
“Cyber threats are becoming more sophisticated and more dangerous every day. Today the focus is ransomware, tomorrow it will be something else. As an industry, we need to pull together and share what’s working so that we can effectively safeguard our systems and protect patients,” said CHIME President and CEO Russell Branzell.
The CHIME Cybersecurity Center will pull from resources inside and outside of healthcare to develop best practices. It will also build on existing partnerships with federal agencies and other organizations. CHIME and Association for Executives in Healthcare Information Security (AEHIS) members will serve as advisors to the center and the industry. CHIME staff will operate the program office, with assistance from member volunteers.
CHIME has been a leading advocate for spreading cybersecurity best practices and increasing information sharing of cyber threats. In testimony May 25 before the House Energy and Commerce Subcommittee on Health, CHIME Board Chair Marc Probst told lawmakers that coordination across federal programs and with the industry is essential to shoring up network defenses.
“It is absolutely critical that we have collaboration across the industry,” added CHIME board member David Finn, health information technology officer at Symantec Corp. Finn is also a member of the Department of Health and Human Services’ Health Care Industry Cybersecurity Task Force, which was authorized by the Cybersecurity Information Sharing Act of 2015. “We talk frequently about sharing cyber data, but if that data isn’t meaningful to those receiving it, if data can’t be turned into useful intelligence, there is no real advantage to sharing. We need to make cyber information useful. We need to have clear direction on how to protect information across the continuum of care. It is like a chain; the strength of our security is only as good as the weakest link.”