Even before Petya and WannaCry, recent ransomware attacks, leaders of hospitals and health systems have been collaborating and fighting back against cybersecurity threats, according to Hospitals & Health Networks.
This spring in Virginia, for example, a statewide task force on cybersecurity coordinated by the Virginia Hospital & Healthcare Association issued a set of self-protection guidelines for VHHA members. The Virginians are not alone.
“I’ve talked to people in other states, and this is picking up,” says Dan Bowden, vice president and chief information security officer at Sentara Health, based in Norfolk, Va., and a VHHA task force member. “At least half or two-thirds of the states are working on this.”
Michigan Healthcare Cybersecurity Council dates to 2013 and was formed in response to cross-industry computer security initiatives by the National Governors Association, says Lee Kim, director of privacy and security at the Healthcare Information and Management Systems Society, a trade group for the health care information technology industry.
On the East Coast, the Healthcare Association of New York State, convened a forum in 2016 with experts from the Department of Homeland Security, FBI, New York City and state police to mutually address cyber defenses.
“I think it’s fair to say all of the state hospital associations have this on their radar and are working with their members,” says Chantal Worzala, vice president, health information and policy operations, at the American Hospital Association (AHA).
The AHA, meanwhile, has a host of cybersecurity resources on its website, aimed at keeping hospital and health systems leaders up to speed, Worzala says. In October in Chicago, the AHA will host its fourth regional cybersecurity training session for executives on the importance of leadership in addressing cybersecurity issues, Worzala says.