HSCC Joint Cybersecurity Working Group Task Groups

Alignment with Health Care Industry Cybersecurity (HCIC) Task Force Recommendations

2021 TASK GROUPS INITIATIVE: CHAIR(S): PROPOSED DELIVERABLES: HCIC ALIGNMENT:
405(d) – HEALTH INDUSTRY CYBERSECURITY PRACTICES

HDO: Erik Decker, AVP & CISO, Intermountain Health

GCC: Julie Chua, Director, Governance, Risk Management and Compliance (GRC) Division

Proposed deliverable: Maintain reference toolkit for minimum level healthcare cybersecurity
HCIC alignment: 1.2 / 1.4 / 2.1 / 4.3 / 5.2

FUTURE GAZING

HDO: Mark Jarrett, CQO & Deputy CMO, Northwell Health

HDO: Shawn Savadkohi, CISO, San Mateo County Health

GCC: Robert Bastani, Senior Cybersecurity Advisor, HHS ASPR

Proposed deliverable: Identify emerging technologies relevant to healthcare and designate for detailed risk assessments
HCIC alignment: 5.1.3 / 5.1.4

HEALTH TECHNOLOGY RISK ANALYSIS

(Future Gazing Sub-Group)

MDM: Chris Tyberg, VP Information Security, Abbott

HDO: Shawn Savadkohi, CISO, San Mateo County Health

GCC: Robert Bastani, Senior Cybersecurity Advisor, HHS ASPR

Proposed deliverable: Assess identified emerging healthcare technologies and their potential cyber risks to healthcare delivery
HCIC alignment: 2.5.2 / 5.1.1

INTELLECTUAL PROPERTY DATA PROTECTION

PHARMA: Greg Barnes, CISO, Amgen

PHARMA: Russell Koste, CISO, Alexion

Proposed deliverable: Best practices for managing R&D intellectual property in pharmaceutical, medical device and academic research subsectors.
HCIC alignment: 5

INTERNATIONAL ENGAGEMENT

MDM: Dana-Megan Rossi, Director of Cybersecurity, Becton Dickinson

HDO: Lenny Levy, CISO, Security Cubed Consulting

Proposed deliverable: Engage healthcare sector counterparts OCONUS for introductory webinar/concall engagements to compare similarities and differences in sector-wide CIP
HCIC alignment: N/A

MEDICAL TECHNOLOGY

MDM: Michael McNeil, Senior Vice President, Global CISO, McKesson

HDO: Debra Bruemmer, Senior Mgr., Security Resilience, Mayo Clinic

GCC: Jessica Wilkerson, Cyber Policy Advisor, FDA

Proposed deliverable: Best practices for secure design and development of medical devices and EHR systems.
HCIC alignment: 2.1 – 2.5 / 4.2

MEDTECH LEGACY DEVICES

(MedTech Sub-Group)

MDM: Ramki Pillai, Digital Product Security Officer, Elekta

HDO: Mike Powers, Director of Clinical Engineering, Intermountain Healthcare

GCC: Jessica Wilkerson, Cyber Policy Advisor, FDA

Proposed deliverable: Develop business solutions, best practices, incentives, and policies for end-of-supported product life management and replacement of legacy medical devices.
HCIC alignment: 2.1

MEDTECH MODEL CONTRACTS

(MedTech Sub-Group)

HDO: Michelle Bentley, Manager, Security Resilience, Mayo Clinic

MDM: Jim Jacobson, Chief Product & Solution Security Officer, Siemens Healthineers

GPO: Jason Ferri, Senior Director Strategic Supplier Engagement, Premier

Proposed deliverable: Develop model cybersecurity contract language between MDMs and HDOs for medical device procurements and servicing.
HCIC alignment: 1.2 / 2.1 – 6 / 4.2

MEDTECH VULNERABILITY COMMUNICATIONS

(MedTech Sub-Group)

MDM: Chris Tyberg, Division VP Product Security, Abbott

HDO: Abhishek Agarwal, CISO, Fresenius Medical

GCC: Jessica Wilkerson, Cyber Policy Advisor, FDA

Proposed deliverable: Develop standardized protocols for medical device cybersecurity vulnerability communications among stakeholders
HCIC alignment: 2.2 / 2.6

METRICS FOR CYBERSECURITY ADOPTION

HDO: Mark Jarrett, CQO & Deputy CMO, Northwell Health

GCC: Bob Bastani, Cyber Security Advisor, HHS ASPR

Proposed deliverable: Measure industry adoption of HSCC CWG published best practices and other cybersecurity references such as NIST Cybersecurity Framework.
HCIC alignment: 1.2 / 1.4

POLICY

HDO: Mari Savickis, Vice President, Federal Affairs, CHIME

CROSS-SECTOR: Carl Anderson, Chief Legal Officer, HITRUST

Proposed deliverable: Standing responsibility for initial analysis of and draft response to regulatory/legislative proposals affecting healthcare cyber security.
HCIC alignment: 1.3.1 / 1.3.4 / 1.3.5 / 1.5 / 4.3

RISK ASSESSMENT

CROSS-SECTOR: Bryan Cline, Vice President, Standards & Analytics, HITRUST

Proposed deliverable: Implementation Guide for the NIST Cybersecurity Framework.
HCIC alignment: 1.2 / 1.4 / 3.1 / 3.2 / 4.3

SUPPLY CHAIN CYBER RISK MANAGEMENT

MDM: Chris Van Schijndel, Application Security Architect, Johnson & Johnson

PHARMA: Vish Gadgil, Director of IT Risk Management, Merck

Proposed deliverable: Best practices for developing a supply chain cybersecurity procurement organization.
HCIC alignment: 2.5.5 / 4.2 / 4.3

TELEMEDICINE

HDO: Mark Jarrett, CQO & Deputy CMO, Northwell Health

Proposed deliverable: Standards of practice for secure provision of web-based or other connected medical services.
HCIC alignment: 4.2

WORKFORCE DEVELOPMENT

PH: Dr. Haifa AbouSamra, Dean, School of Health Sciences, University of South Dakota

MDM: Matt McMahon, Graduate Adjunct Professor, Salve Regina University

GCC: Dr. Reuven Pasternak, Senior Advisor, DHS National Risk Management Center

Proposed deliverable: Develop guidance for:

1) mapping healthcare cyber professional skills to job roles (e.g., NICE Framework/800-181);
2) cybersecurity curriculum for medical, nursing and pharmacy schools

HCIC alignment: 3.1 / 3.2 / 4.1 / 4.3.5 / 4.5