On Wednesday (April 5), Terence Rice, VP and chief information security officer at Merck & Co., told the Subcommittee on Oversight and Investigations of the House Committee on Energy and Commerce that healthcare cybersecurity still has a long way to go.
“Cybersecurity in the healthcare industry is far worse than what is reported,” Rice stated.
Despite the fact that the healthcare industry was named as the single most attacked industry by the 2016 IBM Cyber Security Intelligence Index, Rice said that the media continues to underreport the security risks facing healthcare.
Rice’s testimony in front of the House Committee laid out the following issues facing the healthcare industry when it comes to cybersecurity: concerns about reputational damage, the strained cybersecurity resources of smaller businesses, the security risk of increasingly portable healthcare information and more opportunities for attacks due to an increase in software usage across the healthcare space.
“Cybersecurity has rapidly become a top concern for governments and industries around the world,” Rice said.
“Nowhere is the situation more acute than in the healthcare industry. In just the last few years, we have seen over 100 million health records exposed in a number of well-publicized security breaches; we have observed cybersecurity researchers demonstrate how software vulnerabilities in insulin pumps and pacemakers could be exploited to cause a lethal attack and we have witnessed entire hospitals in the United States and the United Kingdom shutting down for periods of time to combat a ransomware infection on critical systems,” he continued.
In order to solve the increasing cybersecurity risk facing the healthcare industry, Rice said collaboration between the public and private sectors, as well as greater transparency, are required.
Rice laid out numerous areas of opportunity where this type of collaboration can take place, including appointing a Healthcare Sector Cybersecurity Liaison to the private sector, implementing a digital healthcare identity and increasing the quality and frequency of sharing cybersecurity intelligence.