Health Information Technology   Cybersecurity  

Overview

Cyber-attacks continue to disrupt all sectors, including health care. Health care is among the most targeted due to the value of medical information (as compared to financial or other information). The proliferation of health information technology (health IT) presents new vulnerabilities and increases the risk of a breach for health care organizations. Common vulnerabilities include insider wrongdoing and external hacking attacks. Cybercrime can be particularly disruptive in health care if systems or operations are interrupted, posing a potential risk to patient health and safety. Awareness and implementation of cybersecurity best practices across a health care enterprise are paramount to reducing cybersecurity risks.

Health Care Data Breaches 

Health Care Data Breaches: An Assessment of Breach Trends in Maryland and the Nation (2020)

The MHCC analyzed health care data breaches affecting 500 or more individuals reported to the Department of Health and Human Services, Office for Civil Rights (OCR) between January 2010 and October 2019. The report illustrates breach trends over the last decade in Maryland and the nation and offers insight into consumer perception about privacy and security.

Peer to Peer Learning

The MHCC collaborates with State agencies, health care associations, and other industry leaders to raise awareness and share information about cybersecurity best practices. Stakeholders convene to share perspectives about cybersecurity, including network security, safeguarding data and privacy, and incident preparedness and response.

Upcoming Event 

Health Care Cybersecurity Symposium:  Managing Risk Within the Health Care Supply Chain (November 8, 2021 from 3-5PM ET)

The MHCC is convening a virtual event in collaboration with the Healthcare Information Management Systems Society Maryland Chapter (MD HIMSS), the Maryland Hospital Association (MHA), the Health Facilities Association of Maryland (HFAM), and the Health Services Cost Review Commission (HSCRC).  Local and national leaders will share insights about cyber supply chain risk management and best practices for mitigating cyber risk.  Click here to learn more and register.

Past Events

Cybersecurity Symposium: Reevaluating Security, Risk and Governance to Ensure a Well-Rounded Approach to Cybersecurity (October 2019)

In collaboration with MD HIMSS, MHA, and HSCRC, MHCC brought together local subject matter experts from the National Institute of Standards and Technology (NIST), health systems, long-term care, and academia. Presentations highlighted updates to the NIST Cybersecurity Framework and best practices for reducing cyber risk through governance and operational controls. Click here for the symposium agenda.

Back to Basics Cybersecurity Lunch and Learn Webinar (October 2018)

The MHCC hosted a webinar for small practices with presentations from the Maryland Department of Commerce and Mokxa Technologies. The webinar provided information about a free cybersecurity self-assessment tool, key security steps to reduce risk of a breach, and a Maryland cybersecurity tax credit. Click here to view the webinar on-demand.

Health IT User Education Roundtable: A Best Practices Symposium (March 2017)

The MHCC, MD HIMSS, MHA, and HSCRC convened industry experts, including two Chief Information Security Officers from local health systems. A roundtable discussion focused on end-user behavior and knowledge gaps that directly impact health care security. Presenters highlighted real-life scenarios and best practices for reducing human error. Click here for available slides.

Hospital Cybersecurity Symposium (September 2016)

The MHCC, MD HIMSS, MHA, and HSCRC hosted a first-of-its-kind event bringing together health care leaders in the State to discuss the growing importance of securing data, protecting privacy, and mitigating cyber risk. Presentations provided insights about the evolving nature of cyber threats and best practices for risk management, including vendor accountability and cyber liability insurance. Click here for available slides.

Resources 

For Small Health Care Practices:

Safeguarding Privacy and Security in Telehealth:  Tips to Keep Your Practice Safe

Important privacy and security considerations when providing telehealth services.

Top 10 Tips for Cybersecurity in Health Care

The Office of the National Coordinator for Health Information Technology (ONC) provides information and additional resources for reducing cyber risks.

Cybersecurity Practices for Small Health Care Organizations

Cybersecurity best practices to improve awareness and enhance security posture.

American Medical Association: Protect Your Practice and Patients from Cybersecurity Threats

Guidance for safeguarding confidential and patient information in a medical practice.

General Guidance:

Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients

Practical cybersecurity guidelines to reduce risk for health care organizations of varying sizes.

OCR Cybersecurity Guidance Materials

Educational materials for responding to cybersecurity incidents.

2020 HIMSS Cybersecurity Survey

A study of cybersecurity experiences and practices of security leaders nationally.

National Security Agency: Mitigating Cloud Vulnerabilities

Information about cloud vulnerabilities and perspectives on cloud security principles.

Security Assessments and Frameworks:

MHCC Cybersecurity Self-Assessment Readiness Tool (2018)

Designed to help health care organizations assess readiness and potential gaps in cybersecurity. A series of self-evaluation statements is grouped by people, processes, policies, and technology, which align with the NIST Cybersecurity Framework.

HHS Security Risk Assessment Tool

A guide for small health care providers conducting a security risk assessment; results can be used to determine potential risks in policies, processes and systems, and methods to mitigate risks.

NIST Cybersecurity Framework

Integrates industry standards and best practices to help organizations manage their cybersecurity risks and is meant to be accessible to small and large organizations across all sectors. 

Other Security Frameworks

An overview of common security frameworks used to enhance security and develop robust cybersecurity programs.

 

Contact Information

For more information, contact Eva Lenoir at eva.lenoir@maryland.gov.


Last Updated: 9/10/2021