TLDR:
- The Healthcare and Public Health Sector Coordinating Council has published a 5-year healthcare cybersecurity strategic plan.
- The plan aims to improve and protect patient safety, upgrade healthcare cybersecurity, and create a cyber safety net in the industry.
The Healthcare and Public Health Sector Coordinating Council (HSCC) has recently released a 5-year healthcare cybersecurity strategic plan. Developed over eighteen months by the Cybersecurity Working Group and government partners, the plan serves as a roadmap for addressing frequent and sophisticated cyber incidents in the health industry. The plan, known as HIC-SP, is designed to guide C-suite executives, health IT leaders, and government agencies on cyber investments and implementing essential cybersecurity goals. The main goal of publishing the plan is to improve and protect patient safety, and the HSCC intends to release measurable outcomes and appropriate metrics by the end of 2024 to support the plan’s success. The plan also aims to upgrade healthcare cybersecurity from “critical” to a “stable condition” by 2029 and create a cyber safety net in the industry.
In addition to improving patient safety, the plan focuses on creating a cyber safety net that promotes cyber equity among under-resourced health organizations, workforce cybersecurity learning, and an industry early-warning incident response and recovery system. The plan relies on collaboration across the healthcare ecosystem to secure design and technology delivery and also addresses the risks posed by third-party technology and service providers in the health system. IT teams have been spending significant time on vendor risk-management analyses and plan to move forward from manual, labor-intensive processes to more efficient methods. The HSCC urges all health industry stakeholders to join in the imperative for the benefit of patients and the overall health of the sector, emphasizing the shared responsibility and collaborative effort needed to achieve these cybersecurity goals.