What’s in Biden’s Security Memo for the Healthcare Sector? – Source: www.databreachtoday.com

The Biden administration’s recent National Security Memorandum 22, which aims to bolster the security and resiliency of critical infrastructure sectors, calls for comprehensive mapping and risk assessment of all the critical components and interdependencies of the healthcare ecosystem, said Greg Garcia, executive director of cybersecurity at the Healthcare Sector Coordinating Council.

HSCC will be among the healthcare and public sector groups offering assistance to the Department of Health and Human Service in performing the mapping and risk analysis, he said. Federal agencies responsible for risk management for the nation’s other 15 critical infrastructure sectors are also expected to conduct similar exercises before the end of next January, Garcia said.

“This is something we did back in the financial services sector when I was there about 10 years ago. You map out the whole sector, and put it on a schematic,” he said, referring to his previous work with the Financial Information Sharing and Analysis Center.

The mapping of the healthcare sector will include all critical constituents including hospital systems, pharmacies, labs, medical technology companies and pharmaceuticals, Garcia said.

The mission is to identify interdependencies, operational workflows, vulnerabilities and threats in order to improve preparedness and response to incidents, which range from severe weather events to massive cyberattacks, he said in an interview with Information Security Media Group.

“The administration had been working on this national security memorandum for some time, well before the Change Healthcare attack happened,” Garcia said. “The coincidence of the memorandum and the Change Healthcare attack put an exclamation point on the requirement for us to do this kind of risk assessment and risk management plan to identify what are those critical choke points and potential single points of failure within the healthcare system or any critical infrastructure sector,” he said.

In this audio interview with Information Security Media Group (see audio link below photo), Garcia also discussed:

• Important lessons emerging from the Change Healthcare attack and its severe disruption of the healthcare ecosystem;
• Upcoming proposed rule-making expected from HHS on new cybersecurity requirements for healthcare sector entities;
• HSCC developments underway to aid the healthcare sector in its cybersecurity efforts.

Prior to joining HSCC, Garcia was the nation’s first Department of Homeland Security assistant secretary for cybersecurity and communications under President George W. Bush. He also served as executive director of the Financial Services Sector Coordinating Council and held executive positions with Bank of America, 3Com Corp., the Information Technology Association of America, and Americans for Computer Privacy.