2018 – 2019 Initiatives HSCC Joint Cybersecurity Working Group

Alignment with Health Care Industry Cybersecurity (HCIC) Task Force Recommendations

2018
TASK
GROUPS
INITIATIVE: CHAIR(S): PROPOSED DELIVERABLES: HCIC ALIGNMENT:
RISK ASSESSMENT Bryan Cline, HITRUST;
Robert Bastani, HHS ASPR
Implementation Guide for the NIST Cybersecurity Framework. 1.2 / 1.4 / 3.1 / 3.2 / 4.3
MEDICAL TECHNOLOGY JOINT SECURITY PLAN Rob Suarez, BD;
Aftin Ross, HHS FDA;
Debra Bruemmer, Mayo Clinic
Best practices for secure design and development of medical devices and EHR systems. 2.1 – 2.5 / 4.2
INTELLECTUAL PROPERTY DATA PROTECTION Greg Barnes, Amgen;
Russell Koste, Alexion
Best practices for managing R&D intellectual property in pharmaceutical, medical device and academic research subsectors. 5
SUPPLY CHAIN CYBER RISK MANAGEMENT Darren Vianueva, Trinity Health;
Chris Van Schijndel, Johnson & Johnson
Best practices for developing a supply chain cybersecurity procurement organization. 2.5.5 / 4.2 / 4.3
TELEMEDICINE Mark Jarrett, Northwell Health;
Matt Quinn, HHS Health Resources and Services Administration
Standards of practice for secure provision of web-based or other connected medical services. 4.2
HEALTH INDUSTRY CYBERSECURITY PRACTICES Erik Decker, University of Chicago Medical Center;
Julie Chua, HHS OCIO
Maintain reference toolkit for minimum level healthcare cybersecurity. 1.2 / 1.4 / 2.1 / 4.3 / 5.2
REGULATION & POLICY Mari Savickis, CHIME;
Theresa Meadows, Cook Children’s Health Care System;
Carl Anderson, HITRUST
Standing responsibility for initial analysis of and draft response to regulatory/legislative proposals affecting healthcare cyber security. 1.3.1 / 1.3.4 / 1.3.5 / 1.5 / 4.3
WORKFORCE DEVELOPMENT Brandyn Blunt, Trinity Health;
Marian Merritt, NIST NICE
Develop guidance for: 1) mapping healthcare cyber professional skills to job roles (e.g., NICE Framework/800-181); 2) provider workforce training and enforcement on user cyber hygiene. 3.1 / 3.2 / 4.1 / 4.3.5 / 4.5
CROSS-SECTOR ENGAGEMENT Denise Anderson, H-ISAC Proactive outreach with key interdependent sectors (e.g., electricity, communications, transportation, water) to identify and measure asset and service vulnerabilities and threats. N/A
INFORMATION SHARING Errol Weiss, H-ISAC
Bill Hagestad II, Medtronic
Improve awareness and use of cybersecurity information sharing tools and organizations. 5.1.5 / 5.1.6 / 6.1 / 6.2
FUTURE GAZING Mark Jarrett, Northwell Health;
Shawn Savadkohi, San Mateo County Health; Robert Bastani, HHS ASPR
Identify and assess emerging benefits and risks to patient safety of emerging healthcare technologies. 5.1.3 / 5.1.4
MARKETING & OUTREACH Sri Bharadwaj, UC Irvine Health;
Leon Vinci, Health Promotion Consultants
Standing support TG for outreach, awareness, and press and social media. 4.5 / 4.6
EXERCISES Ed Brennan, H-ISAC;
Garrett Hagood, Coastal Bend Regional Advisory Council
Work with H-ISAC, ISAO’s, HHS & DHS to plan and execute cyber exercises. 6.3

 

2019
TASK
GROUPS
INITIATIVE: CHAIR(S): PROPOSED DELIVERABLES: HCIC ALIGNMENT:
INTERNATIONAL ENGAGEMENT/POLICY Dana-Megan Rossi, Becton Dickinson;
Lenny Levy, Providence St. Josephs Health
  • Toolkit for establishing international coordinated vulnerability disclosure program
  • Engage with CIP sector representative groups in other regions/countries to explore partnerships and best practices
N/A
SECURITY CLEARANCES TBA
  • Determine policy and process for security clearances
  • Establish series of IC/LE briefings
6.4
INCIDENT RESPONSE ROLES & RESPONSIBILITIES
(under Exercises 2018 Task Group)
Garrett Hagood, Coastal Bend Regional Advisory Council Consider whether the HSCC CWG should participate in cyber incident response activities relative to H-ISAC and ISAOs, and if so, how; respective roles and responsibilities. 6.1 / 6.2 / 6.3
REGULATORY HARMONIZATION
(under Regulation & Policy 2018 Task Group)
Dan Bowden, Sentara Healthcare;
Zach Hornberger, Medical Imaging Technology Association
Recommend harmonization of healthcare cyber regulation where appropriate 1.3
HEALTH TECHNOLOGY RISK ANALYSIS Chris Tyberg, Abbott;
Shawn Savadkohi, San Mateo County Health;
Robert Bastani, HHS ASPR
Work with DHS National Risk Management Center and HHS to identify emerging healthcare technologies and their potential cyber risks to healthcare delivery 5.1.1