HSCC Joint Cybersecurity Working Group Task Groups

Alignment with Health Care Industry Cybersecurity (HCIC) Task Force Recommendations

2020 TASK GROUPS INITIATIVE: CHAIR(S): PROPOSED DELIVERABLES: HCIC ALIGNMENT:
405(d) – HEALTH INDUSTRY CYBERSECURITY PRACTICES HDO: Erik Decker, Chief Information Security and Privacy Officer, University of Chicago Medical Center
GCC: Julie Chua, Branch Chief, Risk Management, HHS OCIO
Maintain reference toolkit for minimum level healthcare cybersecurity 1.2 / 1.4 / 2.1 / 4.3 / 5.2
FUTURE GAZING HDO: Mark Jarrett, CQO & Associate CMO, Northwell Health
HDO: Shawn Savadkohi, CISO, San Mateo County Health
GCC: Robert Bastani, Senior Cybersecurity Advisor, HHS ASPR
Identify emerging technologies relevant to healthcare and designate for detailed risk assessments 5.1.3 / 5.1.4
HEALTH TECHNOLOGY RISK ANALYSIS
(Future Gazing Sub-Group)
MDM: Chris Tyberg, Division VP Product Security, Abbott
HDO: Shawn Savadkohi, CISO, San Mateo County Health
GCC: Robert Bastani, Senior Cybersecurity Advisor, HHS ASPR
Assess identified emerging healthcare technologies and their potential cyber risks to healthcare delivery 2.5.2 / 5.1.1
INTELLECTUAL PROPERTY DATA PROTECTION PHARMA: Greg Barnes, CISO, Amgen
PHARMA: Russell Koste, CISO, Alexion
Best practices for managing R&D intellectual property in pharmaceutical, medical device and academic research subsectors. 5
INTERNATIONAL ENGAGEMENT MDM: Dana-Megan Rossi, Director of Cybersecurity, Becton Dickinson
HDO: Lenny Levy, CISO, Security Cubed Consulting
Engage healthcare sector counterparts OCONUS for introductory webinar/concall engagements to compare similarities and differences in sector-wide CIP N/A
MEDICAL TECHNOLOGY MDM: Michael McNeil, Senior Vice President, Global CISO, McKesson
HDO: Debra Bruemmer, Senior Mgr., Security Resilience, Mayo Clinic
GCC: Aftin Ross, Senior Science Health Advisor, FDA
Best practices for secure design and development of medical devices and EHR systems. 2.1 – 2.5 / 4.2
MEDTECH LEGACY DEVICES
(MedTech Sub-Group)
MDM: Ramki Pillai, Digital Product Security Officer, Elekta
HDO: Mike Powers, Clinical Engineering Quality Manager, ChristianaCare
GCC: Jessica Wilkerson, Cyber Policy Advisor, FDA
Develop business solutions, best practices, incentives, and policies for end-of-supported product life management and replacement of legacy medical devices. 2.1
MEDTECH MODEL CONTRACTS
(MedTech Sub-Group)
HDO: Michelle Bentley, Manager, Security Resilience, Mayo Clinic
MDM: Jim Jacobson, Chief Product & Solution Security Officer, Siemens Healthineers
GPO: Jason Ferri, Senior Director Strategic Supplier Engagement, Premier
Develop model cybersecurity contract language between MDMs and HDOs for medical device procurements and servicing 1.2 / 2.1 – 6 / 4.2
MEDTECH VULNERABILITY COMMUNICATIONS
(MedTech Sub-Group)
MDM: Chris Tyberg, Division VP Product Security, Abbott
HDO: Abhishek Agarwal, CISO, Fresenius Medical
GCC: Aftin Ross, Senior Science Health Advisor, FDA
Develop standardized protocols for medical device cybersecurity vulnerability communications among stakeholders 2.2 / 2.6
METRICS FOR CYBERSECURITY ADOPTION HDO: Mark Jarrett, CQO & Assoc. CMO, Northwell Health
GCC: Bob Bastani, Cyber Security Advisor, HHS ASPR
Measure industry adoption of HSCC CWG published best practices and other cybersecurity references such as NIST Cybersecurity Framework 1.2 / 1.4
POLICY HDO: Mari Savickis, Vice President, Federal Affairs, CHIME
CROSS-SECTOR: Carl Anderson, Chief Legal Officer, HITRUST
Standing responsibility for initial analysis of and draft response to regulatory/legislative proposals affecting healthcare cyber security. 1.3.1 / 1.3.4 / 1.3.5 / 1.5 / 4.3
REGULATORY HARMONIZATION
(Policy Sub-Group)
HDO: Dan Bowden, CISO, Sentara Healthcare
MDM: Zach Hornberger, Director of Cybersecurity & Informatics, Medical Imaging Technology Association
Recommend harmonization of healthcare cyber regulation where appropriate 1.3
RISK ASSESSMENT CROSS-SECTOR: Bryan Cline, Vice President, Standards & Analytics, HITRUST
Implementation Guide for the NIST Cybersecurity Framework. 1.2 / 1.4 / 3.1 / 3.2 / 4.3
SUPPLY CHAIN CYBER RISK MANAGEMENT MDM: Chris Van Schijndel, Application Security Architect, Johnson & Johnson
PHARMA: Vish Gadgil, Director of IT Risk Management, Merck
Best practices for developing a supply chain cybersecurity procurement organization. 2.5.5 / 4.2 / 4.3
TELEMEDICINE HDO: Mark Jarrett, CQO & Assoc. CMO, Northwell Health
Standards of practice for secure provision of web-based or other connected medical services. 4.2
WORKFORCE DEVELOPMENT HDO: Brandyn Blunt, Clinical Engineering Systems Admin, Trinity Health
GCC: Marian Merritt, Lead for Industry Engagement, NIST NICE
Develop guidance for: 1) mapping healthcare cyber professional skills to job roles (e.g., NICE Framework/800-181); 2) cybersecurity curriculum for medical, nursing and pharmacy schools 3.1 / 3.2 / 4.1 / 4.3.5 / 4.5