Alignment with Health Care Industry Cybersecurity (HCIC) Task Force Recommendations
| 2018 TASK GROUPS |
INITIATIVE: | CHAIR(S): | PROPOSED DELIVERABLES: | HCIC ALIGNMENT: |
|---|---|---|---|---|
| RISK ASSESSMENT | Bryan Cline, HITRUST; Robert Bastani, HHS ASPR |
Implementation Guide for the NIST Cybersecurity Framework. | 1.2 / 1.4 / 3.1 / 3.2 / 4.3 | |
| MEDICAL TECHNOLOGY JOINT SECURITY PLAN | Rob Suarez, BD; Aftin Ross, HHS FDA; Debra Bruemmer, Mayo Clinic |
Best practices for secure design and development of medical devices and EHR systems. | 2.1 – 2.5 / 4.2 | |
| INTELLECTUAL PROPERTY DATA PROTECTION | Greg Barnes, Amgen; Russell Koste, Alexion |
Best practices for managing R&D intellectual property in pharmaceutical, medical device and academic research subsectors. | 5 | |
| SUPPLY CHAIN CYBER RISK MANAGEMENT | Darren Vianueva, Trinity Health; Chris Van Schijndel, Johnson & Johnson |
Best practices for developing a supply chain cybersecurity procurement organization. | 2.5.5 / 4.2 / 4.3 | |
| TELEMEDICINE | Mark Jarrett, Northwell Health; Matt Quinn, HHS Health Resources and Services Administration |
Standards of practice for secure provision of web-based or other connected medical services. | 4.2 | |
| HEALTH INDUSTRY CYBERSECURITY PRACTICES | Erik Decker, University of Chicago Medical Center; Julie Chua, HHS OCIO |
Maintain reference toolkit for minimum level healthcare cybersecurity. | 1.2 / 1.4 / 2.1 / 4.3 / 5.2 | |
| REGULATION & POLICY | Mari Savickis, CHIME; Theresa Meadows, Cook Children’s Health Care System; Carl Anderson, HITRUST |
Standing responsibility for initial analysis of and draft response to regulatory/legislative proposals affecting healthcare cyber security. | 1.3.1 / 1.3.4 / 1.3.5 / 1.5 / 4.3 | |
| WORKFORCE DEVELOPMENT | Brandyn Blunt, Trinity Health; Marian Merritt, NIST NICE |
Develop guidance for: 1) mapping healthcare cyber professional skills to job roles (e.g., NICE Framework/800-181); 2) provider workforce training and enforcement on user cyber hygiene. | 3.1 / 3.2 / 4.1 / 4.3.5 / 4.5 | |
| CROSS-SECTOR ENGAGEMENT | Denise Anderson, H-ISAC | Proactive outreach with key interdependent sectors (e.g., electricity, communications, transportation, water) to identify and measure asset and service vulnerabilities and threats. | N/A | |
| INFORMATION SHARING | Errol Weiss, H-ISAC Bill Hagestad II, Medtronic |
Improve awareness and use of cybersecurity information sharing tools and organizations. | 5.1.5 / 5.1.6 / 6.1 / 6.2 | |
| FUTURE GAZING | Mark Jarrett, Northwell Health; Shawn Savadkohi, San Mateo County Health; Robert Bastani, HHS ASPR |
Identify and assess emerging benefits and risks to patient safety of emerging healthcare technologies. | 5.1.3 / 5.1.4 | |
| MARKETING & OUTREACH | Sri Bharadwaj, UC Irvine Health; Leon Vinci, Health Promotion Consultants |
Standing support TG for outreach, awareness, and press and social media. | 4.5 / 4.6 | |
| EXERCISES | Ed Brennan, H-ISAC; Garrett Hagood, Coastal Bend Regional Advisory Council |
Work with H-ISAC, ISAO’s, HHS & DHS to plan and execute cyber exercises. | 6.3 |
| 2019 TASK GROUPS |
INITIATIVE: | CHAIR(S): | PROPOSED DELIVERABLES: | HCIC ALIGNMENT: |
|---|---|---|---|---|
| INTERNATIONAL ENGAGEMENT/POLICY | Dana-Megan Rossi, Becton Dickinson; Lenny Levy, Providence St. Josephs Health |
|
N/A | |
| SECURITY CLEARANCES | TBA |
|
6.4 | |
| INCIDENT RESPONSE ROLES & RESPONSIBILITIES (under Exercises 2018 Task Group) |
Garrett Hagood, Coastal Bend Regional Advisory Council | Consider whether the HSCC CWG should participate in cyber incident response activities relative to H-ISAC and ISAOs, and if so, how; respective roles and responsibilities. | 6.1 / 6.2 / 6.3 | |
| REGULATORY HARMONIZATION (under Regulation & Policy 2018 Task Group) |
Dan Bowden, Sentara Healthcare; Zach Hornberger, Medical Imaging Technology Association |
Recommend harmonization of healthcare cyber regulation where appropriate | 1.3 | |
| HEALTH TECHNOLOGY RISK ANALYSIS | Chris Tyberg, Abbott; Shawn Savadkohi, San Mateo County Health; Robert Bastani, HHS ASPR |
Work with DHS National Risk Management Center and HHS to identify emerging healthcare technologies and their potential cyber risks to healthcare delivery | 5.1.1 |