Healthcare , Industry Specific , Standards, Regulations & Compliance
Government Steps Up Efforts to Protect Healthcare Data
HSCC's Greg Garcia on How New Healthcare Rules Aim to Strengthen DefensesHealthcare cybersecurity is gaining increased attention from both the industry and the federal government. The focus is on mandatory cybersecurity performance goals and enhancing the protection of small, underserved healthcare providers, said Greg Garcia, executive director, Health Sector Coordinating Council Cybersecurity Working Group.
See Also: Preparing for New Cybersecurity Reporting Requirements
Healthcare providers, Garcia said, often lack the resources and expertise needed to manage cybersecurity effectively. The Biden administration plans to make cybersecurity performance goals mandatory for hospitals. These goals will be integrated into the HIPAA Security Rule, establishing a minimum level of accountability, he said.
"Healthcare providers depend upon this broad, interconnected ecosystem - a whole range of critical services, utilities and technologies that support the system," Garcia said. "If you are a technology or service provider supporting the healthcare industry, which is critical infrastructure, then you need to be held to a higher standard as well, not just the users of that technology."
In this video interview with Information Security Media Group at the 2024 Healthcare Cybersecurity Summit, Garcia also discussed:
- The dual role of Congress in setting policy and providing resources;
- How HHS and CISA can manage cybersecurity risks specific to the healthcare sector;
- HSCC's five-year plan to stabilize healthcare cybersecurity by 2029.
Prior to joining HSCC, Garcia was the nation's first Department of Homeland Security assistant secretary for cybersecurity and communications under President George W. Bush. He also served as executive director of the Financial Services Sector Coordinating Council and held executive positions with Bank of America, 3Com Corp., the Information Technology Association of America, and Americans for Computer Privacy.