Today: Rural Hospital Cybersecurity Enahncement Act
Episode 9716th May 2023 • This Week Health: Newsroom • This Week Health
00:00:00 00:13:00

Transcripts

today in health, it rural hospitals, cybersecurity enhancement act. Introduced. And we're going to talk about it today. My name is bill Russell. I'm a former CIO. For a 16 hospital system and creator of this week health set of channels dedicated to keeping health it staff current and engaged. We want to thank our show sponsors who are investing in developing the next generation of health leaders.

Short test and artist site two great companies. Check them out at this week. health.com/today. All right. We continue our drives. In the month of may. , actually, we're going to, we're going to start a new drive in the month of June, but if you want to participate in our. , support for childhood cancer and finding cures for childhood cancer.

We are partnered with Alex's lemonade stand best way for you to do that. Hit our website. , banner on the top, click on the Alex's lemonade stand. , link right there and you can go ahead and give and be a part of that. Our community has been fantastic. We've raised over $34,000 this year towards our goal of $50,000 as a community. So thank you very much.

For your generosity. Alright, this post cat from, , Carter groom. With, , first health advisory. And he, , he summarizes so well, I didn't have to go read the entire document. So I'm just going to give you his posts from LinkedIn on the rural hospital, cybersecurity enhancement act. , introduce on May 11th continued movement in Washington with the focus on rural healthcare workforce instructional materials.

th,:

Committee. And, , chairman Gary Peterson, Democrat from Michigan introduced the rural hospital, cyber security enhancement act, new legislation that addresses the critical need for skilled cybersecurity professionals. And digital security enhancement protocols in rural healthcare settings. This legislation follows a reset.

H S G a C. And I'm sure there's a way to pronounce that. I'm not even going to pretend H S G a C hearing. That identified rural health care facilities as soft targets for cyber criminals. That is truth. Unlike larger urban hospitals, rural hospitals often have little to no full-time cybersecurity personnel and are particularly exposed to cyber attacks. Truth.

, it goes on Congress must take action to shore up the ability of small town hospitals to defend themselves from cyber attacks said, Senator Holly. By working to improve cybersecurity, preparedness and develop a robust cybersecurity workforce. In rural hospitals, we can help protect the sensitive medical and personal.

Data of American patients and defend our national security. Ransomware attacks against hospitals and healthcare systems. That compromise, sensitive medical information and disrupt patient care. I must be stopped. Unfortunately, small and rural hospitals often lack the resources to invest in cybersecurity defenses.

And staff to prevent these breaches said, Senator Peters, this bipartisan legislation will require the federal government to ensure our most vulnerable healthcare providers have the necessary tools to protect patient information and provide life saving care. Even as criminal hackers continue to target their networks.

All right. So here's just a couple of bullet points from this. Again, it's called the rural hospital cybersecurity enhancement act. And it would, it would require first thing require that cybersecurity and infrastructure security agency, C I S a director. To develop a comprehensive rural hospital cybersecurity workforce development strategy that at a minimum considers public private partnerships.

Development of curricula. And training resources and policy recommendations. Okay. All right. So that's the first one. I come back and talked about my, so what's on some of this stuff, cause I have some questions as I'm reading it. Number two require the CYSA. , director to create instructional materials.

For rural hospitals to train staff on fundamental cybersecurity measures. And number three require the security, our secretary of Homeland security to report annually to H S G a C and the house committee on Homeland security. With updates regarding the strategy and any programs that have been implemented persuade to the strategy. So this is a high level.

, act, I guess it's an act. It's a high level act. I mean, it, it has some things in it. , You know, can. , it has some considerations for them. It, , has a requirement in there for the federal government. To develop some curriculum for training of these resources. And it has, , some policy recommendations.

And I'm sure if I would dig into this more, I would see a little bit more, but here are my, here are my questions. Is that enough? , if you don't have staff to oversee this, it's going to be really hard to shore that environment. Therefore, they either have to go one of two directions. One is they have to outsource, in which case they just have to pay somebody else to provide the oversight.

Into that environment, having every rural hospital and health system develop their own cybersecurity plan. Is not really going to be advantageous or cost-effective if I thought about it. , You know, you're talking about hundreds and hundreds of health systems in small rural communities. Now with that being said, I, I agree with the training programs. I agree with that. I think there should be a program for graduating these students.

, graduating students from our colleges and universities. , our military services and getting them positioned to work with these health systems. I think education within those health systems is going to be incredibly important and therefore education of the staff themselves, because that's our most active point of vulnerability, right? We are, we are literally opening the door and letting them in.

As my mom likes to say, close the door, you're going to let the flies in. So, you know, we have to train that staff to not let the door open and that kind of stuff. So that kind of training and that kind of curriculum. Absolutely. If we're talking about training cybersecurity professionals and whatnot, I think we have to figure out a way to not only train them, but to incent them to work for rural healthcare.

Right now there's no incentive and they're in high demand and they're going to the top bitter and they can work for anywhere. Right. So you can live in. W, you know, small town, Oklahoma, small town, Nebraska. And work for big town, the big time, New York hospital, and make that kind of compensation.

So there has to be a way to, , not only train them and develop them. And again, our military service, that's a great way to train and develop these people, but there also has to be an incentive to keep them. , working in those rural communities, if you will. , Cyber cybersecurity and infrastructure.

Security agency. , director. I, you know, I'm not familiar enough with the work of the, a C I S a. To talk about this, but I would like to see a lot more interaction between the CIS. And HHS because HHS does work with healthcare all the time. They're highly They're highly integrated with healthcare around interoperability and other things, obviously. , so it, it becomes a situation where if these two entities were to work together and I don't see HHS mentioned anywhere in here, I just think they have more, ,

More direct lines of communication, more ways to, , you know, you see HHS out at the conferences, you see McEachern path, you see the rest of these people who are out there, trumpeting messages and this kind of stuff. Obviously, this is one of the messages. And to the extent that we can integrate the, , lines of communication, it probably makes a lot of sense.

, let's see. , scope number two requires assistant director to create instructional material for rural hospitals to train staff on fundamental cybersecurity measures. , you know, again, This material exists, it exists. 10 times over a hundred times over this material has been created. , it might not be, , necessary for the government to go out and create all this stuff as much as it is to gather it.

To, , to curate it and to make it available to these, , hospitals and health systems. I'm not trying to be overly efficient here. I'm just saying it's already been done and you can get it from any number of hospitals that have already created this kind of material. And, , some of the vendor community has created some great community, , some great material, as well as some college and university programs have created some great materials.

So there's no reason to recreate the wheel. , and then finally require this as secretary of Homeland security report annually. , to this group and, , with updates regarding to the strategy and any programs that have been implanted persuading to the strategy. Yeah. I, you know, if the, if the.

, Secretary of the Homeland security. Is, I mean, Homeland security cybersecurity has to be a part of that. And our hospital systems actually being a part of that as well. Sure by all means. If, if that, if the Homeland security. , chief is supposed to be a reporting out on, , how we're doing then. Yeah, I don't, I don't see any reason why reporting out on.

, , around our healthcare. You know, infrastructure insecurity doesn't make sense with that being said, I'm sure that's a report out to a lot of different places. So I would have to look at. In order to be really intelligent on this. I'd have to look at where they're already reporting out. Does it make sense to just add a couple of bullet points to a presentation they're already doing to some Senate committee or whatnot where they can just say, and in addition to these things where we're talking about the electrical grid and we're talking about all these things, can we also talk about.

, hospital and health care. We cannot talk about it in general, and then we can talk about it. With regard to the, , rural health systems and the progress that's being made here. So I, you know, Present to H S G a C or not. , I dunno, I could, I could be convinced both ways. But to a certain extent they should report out on the progress on this initiative.

So I, you know, in general, I like the direction. I like the fact that we're, we're actually having the conversation. Rural health care is exposed. We do not have the staff to oversee it. We do not have the training within the rural health systems to make sure that we're not opening the door. So a lot of this stuff is welcome.

And the focus is welcome. The bipartisan nature of it is welcome. And, , I just don't want to recreate the wheel. I don't want to create a work that's not necessary. And I want to make sure that the work that we're doing and the funding that we're putting towards it. Is actually getting to the rural health systems in order to secure them.

Right. So begin with the objective in mind. And if the objective is to make sure that our rural health systems. Are secure. And that data is protected and the patients and the community members are protected. Then let's begin with that as the, , at the S as the starting point and make sure that we continue to loop back to that and say, are we making progress towards.

That. , that specific item. , you know, we do that at this week health. We do that all the time. We come back to get what's the single question. You know, is, does this podcast lend itself to amplifying grades thinking to propel healthcare forward? And if it doesn't we ask ourselves, what else could we be doing or what should we be doing? Or should we stop doing this?

And in the same way, I would start with the objective of, are we making rural health care any more secure as a result of, of this work? And or will this work make it any more secure? And I would keep that question in the forefront. And if you keep that question in the forefront, then we will make sure to fund the right things, make sure that the, , the allocation of resources gets to the right place.

, in terms of, , training and make sure that the training actually is effective.

All right. That's all for today. If you know someone that might benefit from our channel, please forward them a note. They can subscribe on our website this week out.com or wherever you listen to podcasts. We want to thank our channel sponsors who are investing in our mission to develop the next generation of health leaders.

That's you short test and 📍 artist site two great companies. Check them out this week. Health. Dot com slash today. Thanks for listening. That's all for now.

Chapters

Video

More from YouTube