Alignment with Health Care Industry Cybersecurity (HCIC) Task Force Recommendations
| 2021 TASK GROUPS | INITIATIVE: | CHAIR(S): | PROPOSED DELIVERABLES: | HCIC ALIGNMENT: |
|---|---|---|---|---|
| 405(d) – HEALTH INDUSTRY CYBERSECURITY PRACTICES |
HDO: Erik Decker, AVP & CISO, Intermountain Health GCC: Julie Chua, Director, Governance, Risk Management and Compliance (GRC) Division |
Maintain reference toolkit for minimum level healthcare cybersecurity | 1.2 / 1.4 / 2.1 / 4.3 / 5.2 | |
| FUTURE GAZING |
HDO: Mark Jarrett, CQO & Deputy CMO, Northwell Health HDO: Shawn Savadkohi, CISO, San Mateo County Health GCC: Robert Bastani, Senior Cybersecurity Advisor, HHS ASPR |
Identify emerging technologies relevant to healthcare and designate for detailed risk assessments | 5.1.3 / 5.1.4 | |
|
HEALTH TECHNOLOGY RISK ANALYSIS
(Future Gazing Sub-Group) |
MDM: Chris Tyberg, VP Information Security, Abbott HDO: Shawn Savadkohi, CISO, San Mateo County Health GCC: Robert Bastani, Senior Cybersecurity Advisor, HHS ASPR |
Assess identified emerging healthcare technologies and their potential cyber risks to healthcare delivery | 2.5.2 / 5.1.1 | |
| INTELLECTUAL PROPERTY DATA PROTECTION |
PHARMA: Greg Barnes, CISO, Amgen PHARMA: Russell Koste, CISO, Alexion |
Best practices for managing R&D intellectual property in pharmaceutical, medical device and academic research subsectors. | 5 | |
| INTERNATIONAL ENGAGEMENT |
MDM: Dana-Megan Rossi, Director of Cybersecurity, Becton Dickinson HDO: Lenny Levy, CISO, Security Cubed Consulting |
Engage healthcare sector counterparts OCONUS for introductory webinar/concall engagements to compare similarities and differences in sector-wide CIP | N/A | |
| MEDICAL TECHNOLOGY |
MDM: Michael McNeil, Senior Vice President, Global CISO, McKesson HDO: Debra Bruemmer, Senior Mgr., Security Resilience Mayo Clinic GCC: Jessica Wilkerson, Cyber Policy Advisor, FDA |
Best practices for secure design and development of medical devices and EHR systems. | 2.1 – 2.5 / 4.2 | |
|
MEDTECH LEGACY DEVICES
(MedTech Sub-Group) |
MDM: Ramki Pillai, Digital Product Security Officer, Elekta HDO: Mike Powers, Director of Clinical Engineering, Intermountain Healthcare GCC: Jessica Wilkerson, Cyber Policy Advisor, FDA |
Develop business solutions, best practices, incentives, and policies for end-of-supported product life management and replacement of legacy medical devices. | 2.1 | |
|
MEDTECH MODEL CONTRACTS
(MedTech Sub-Group) |
HDO: Michelle Bentley, Manager, Security Resilience, Mayo Clinic MDM: Jim Jacobson, Chief Product & Solution Security Officer, Siemens Healthineers GPO: Jason Ferri, Senior Director Strategic Supplier Engagement, Premier |
Develop model cybersecurity contract language between MDMs and HDOs for medical device procurements and servicing. | 1.2 / 2.1 – 6 / 4.2 | |
|
MEDTECH VULNERABILITY COMMUNICATIONS
(MedTech Sub-Group) |
MDM: Chris Tyberg, Division VP Product Security, Abbott HDO: Abhishek Agarwal, CISO, Fresenius Medical GCC: Jessica Wilkerson, Cyber Policy Advisor, FDA |
Develop standardized protocols for medical device cybersecurity vulnerability communications among stakeholders | 2.2 / 2.6 | |
| METRICS FOR CYBERSECURITY ADOPTION |
HDO: Mark Jarrett, CQO & Deputy CMO, Northwell Health GCC: Bob Bastani, Cyber Security Advisor, HHS ASPR |
Measure industry adoption of HSCC CWG published best practices and other cybersecurity references such as NIST Cybersecurity Framework. | 1.2 / 1.4 | |
| POLICY |
HDO: Mari Savickis, Vice President, Federal Affairs, CHIME CROSS-SECTOR: Carl Anderson, Chief Legal Officer, HITRUST |
Standing responsibility for initial analysis of and draft response to regulatory/legislative proposals affecting healthcare cyber security. | 1.3.1 / 1.3.4 / 1.3.5 / 1.5 / 4.3 | |
| RISK ASSESSMENT | CROSS-SECTOR: Bryan Cline, Vice President, Standards & Analytics, HITRUST | Implementation Guide for the NIST Cybersecurity Framework. | 1.2 / 1.4 / 3.1 / 3.2 / 4.3 | |
| SUPPLY CHAIN CYBER RISK MANAGEMENT |
MDM: Chris Van Schijndel, Application Security Architect, Johnson & Johnson PHARMA: Vish Gadgil, Director of IT Risk Management, Merck |
Best practices for developing a supply chain cybersecurity procurement organization. | 2.5.5 / 4.2 / 4.3 | |
| TELEMEDICINE | HDO: Mark Jarrett, CQO & Deputy CMO, Northwell Health | Standards of practice for secure provision of web-based or other connected medical services. | 4.2 | |
| WORKFORCE DEVELOPMENT |
PH: Dr. Haifa AbouSamra, Dean, School of Health Sciences, University of South Dakota MDM: Matt McMahon, Graduate Adjunct Professor, Salve Regina University GCC: Dr. Reuven Pasternak, Senior Advisor, DHS National Risk Management Center |
Develop guidance for: 1) mapping healthcare cyber professional skills to job roles (e.g., NICE Framework/800-181); 2) cybersecurity curriculum for medical, nursing and pharmacy schools |
3.1 / 3.2 / 4.1 / 4.3.5 / 4.5 |