Connecticut lawmakers call for more cyber protections

(TNS) As increasing cyber and ransomware attacks on healthcare facilities leave hospitals vulnerable, lawmakers and healthcare providers are hoping to work together to improve cybersecurity measures.

According to data from the Connecticut Attorney General’s office, the healthcare industry reports more data breaches than any other industry. Experts previously told CT Insider that healthcare systems are often targeted because the digital system is full of sensitive data, such as medical files and billing information.

One of the most recent ransomware attacks occurred in August after Prospect Medical Holdings, a California-based medical system, was attacked, affecting two of its networks in Connecticut, Eastern Connecticut Health Network and Waterbury Health. The attack resulted in nearly 110,000 residents’ confidential information being compromised and weeks of facility outages.

Health care providers have also previously expressed concerns about the Connecticut Health Information Exchange (CONNIE), citing problems with the type of information shared, the need for more safeguards and a history of privacy concerns.

“It’s not a question of ‘if,’ it’s a question of ‘when’ more systems would be affected,” Sen. Saud Anwar, D-Windsor South, said at a press conference held in support of Bill 1 of the Senate, which would promulgate. provisions for protection and prevention of cyber security of health centers. “More healthcare systems will be attacked by cybercriminals and that’s the reality.”

If passed, SB 1 hopes to address many safety concerns related to health care, such as home care protections and the need for a prescription drug shortage study. Anwar told the press conference that while the bill has many different parts, it also has provisions that would help the state and hospitals be better prepared for a cyber attack.

Regarding cybersecurity, SB 1 would require the state Department of Public Health to develop an initiative for healthcare facility preparedness in the event of a cybersecurity event in collaboration with Chief of state information security. The initiative would be implemented as part of the state’s public health emergency response plan and would establish other means of communication in the event of a cyber breach, such as inter-unit radios, medical devices that are not connected to the Internet, and management systems to divert emergency patients. to other nearby hospitals.

SB 1 would also allocate $25,000 annually through 2028 to the state Department of Emergency Services and Public Protection for an annual meeting focused on preventing, identifying and managing cybersecurity events. Their work would include creating a cyber security incident command scenario and training hospital staff who manage medicines, lab samples and imaging studies to ensure they can work and report without technology.

Anwar said the bill also creates a stakeholder working group to discuss various concerns about health information sharing.

“There are so many parts of this problem that have not been resolved. At the end of this conversation, we hope that there will be some legislative thoughts that come out today that we would codify in a way that is more protective.” Anwar said. “At the heart of it, while we want all the data, it’s important that the patient’s health information is protected and we can feel confident that everything has been done to make sure you’re taking care of it.”

Although a legislative priority for the Senate, the bill SB 1 is being reconsidered and its language is being edited. Anwar said several financial aspects related to the participation of state agencies played a major role in the changes to the bill. He explained that the goal of universal preparation remains the same; however, the new billing language would place more responsibility on hospitals to establish plans with DPH and submit reports.

Many of the speakers at the news conference said partnerships between health care facilities and the state are necessary to prepare for a cyberattack and address concerns about sharing health information.

Amanda Gunthel, president of the Connecticut Association of Ambulatory Surgery Centers, said the interconnectivity of health information often provides insight into how best to care for patients. However, navigating the world of online data security should be done with caution to ensure patient or provider information is protected from potential breaches.

Gunthel said he hoped the task force could find solutions together and create protections that would improve the information-sharing network.

Similarly, Connecticut Hospital Association senior vice president for policy Paul Kidwell said recent attacks on Connecticut hospitals and health networks highlight vulnerabilities in the system. To remedy this, he said there needs to be ongoing open communication between the state and medical providers and a universal approach to addressing cyberattacks.

Kidwell added that patients should also be better informed about what information is shared on the exchange network and how hospitals protect their data.

“We need to talk to each other about what we’re doing as hospitals to make sure the system is safe … also, building expertise at the state level,” Kidwell said. “Making sure that when something does happen, we have a partnership or someone to talk to you about what we need, as a hospital system, to support getting back online.”

2024 The Middletown Press, Connecticut. Distributed by Tribune Content Agency, LLC.

#Connecticut #lawmakers #call #cyber #protections
Image Source :

Leave a Comment