On October 26, 2016 HIMSS, the leading organization in the US for health information technology and data management, issued a Call to Action for the healthcare industry to work together with cybersecurity experts from different sectors to enhance the preparedness of the healthcare industry to the imminent threat of cyber-attacks. The Call to Action reinforces the very real threat that the healthcare industry faces from internal and external threats. In a blog post announcing the Call to Action, Lee Kim, Director for Privacy and Security at HIMSS North America, and Samantha Burch, Senior Director, Congressional Affairs, HIMSS North America state that “Given the vast amount of data being breached and large numbers of healthcare organizations being compromised by both insider and external threat actors (such as nation state and non-state actors, organized cybercriminals and others), it is clear the health sector needs to change its attitude toward the adoption of cybersecurity practices.”

The HIMSS Call to Action makes clear that risks to the healthcare industry from cyber-attacks go beyond mere financial and reputational damage. “The health sector currently is too vulnerable to cyber-attacks and compromises. Patient safety hangs in the balance. As a critical infrastructure sector, the health sector cannot afford to wait any longer in revolutionizing our collective approach to cybersecurity and working collaboratively with the federal government and others towards a solution. It is only a matter of time before a patient is seriously injured or potentially dies as a result of a cyber-attack or compromise—unless all stakeholders make a commitment to work together to redraw a new baseline for the health sector.”

HIMSS is recommending three key steps as part of its Call to Action:

  1. Adoption of a Universal Information Privacy and Security Framework for the Health Sector;
  2. Having Congress create a Cyber Leader role with the US Department of Health and Human Services; and
  3. Addressing the shortage of qualified cybersecurity professionals.

The HIMSS Call to Action is an important reminder that healthcare is extremely vulnerable to cyber-attack and that everyone in the healthcare sector should be taking immediate steps to prepare for and respond to these attacks. Troutman Sanders Healthcare and Cybersecurity Practices will continue to follow the HIMSS Call to Action and provide updates on significant developments.