
What does Biden’s security memo for the health care sector include?

The Biden administration’s recent National Security Memorandum 22, which aims to strengthen the security and resilience of critical infrastructure sectors, calls for a comprehensive mapping and risk assessment of all key elements and interdependencies of the healthcare ecosystem, said Greg Garcia, executive director of cybersecurity at the Healthcare Sector Coordinating Council.

He said HSCC would be one of the health and public sector groups offering assistance to the Department of Health and Social Care in carrying out risk mapping and analysis. Federal agencies responsible for risk management in the country’s other 15 critical infrastructure sectors are also expected to conduct similar exercises before the end of January next year, Garcia said.

“It’s something we did in the financial services industry when I was there about 10 years ago. The entire sector is planned and placed on a diagram,” he said, referring to his previous work in the financial information exchange department and the Analysis Center.

The health care sector mapping will cover all critical elements, including hospital systems, pharmacies, laboratories, health technology companies and pharmaceuticals, Garcia said.

The mission is to identify interdependencies, operational workflows, vulnerabilities and threats to improve preparedness and response to incidents ranging from severe weather to massive cyberattacks, he said in an interview with Information Security Media Group.

“The administration has been working on this national security memorandum for some time, well before the Change Healthcare attack,” Garcia said. “The convergence of the memorandum and the Change Healthcare attack put an exclamation point on the requirement that we conduct this type of risk assessment and risk management plan to identify critical bottlenecks and potential single points of failure in the healthcare system or any critical infrastructure sector,” he said.

In this audio interview with Information Security Media Group, Garcia also discussed:

  • Important lessons from the Change Healthcare attack and its major disruption to the healthcare ecosystem;
  • Upcoming proposed regulations from HHS regarding new cybersecurity requirements for healthcare entities;
  • Ongoing HSCC work to assist the healthcare industry in its cybersecurity efforts.

Prior to joining HSCC, Garcia served as the nation’s first assistant secretary for cybersecurity and communications at the Department of Homeland Security under President George W. Bush. He also served as executive director of the Financial Services Sector Coordinating Council and held leadership positions at Bank of America, 3Com Corp., Information Technology Association of America and Americans for Computer Privacy.