Cybersecurity is a huge concern for health care entities as
one of the most targeted industries by cyber criminals according to an article
by the EC-Council University (https://www.eccu.edu/blog/cybersecurity/top-industries-most-vulnerable-to-cyber-attacks).
The health care industry is so targeted in fact, that Congress is now considering a
bill, with the backing of HHS, to mandate that health care organizations
strengthen their cybersecurity defenses (https://www.finance.senate.gov/imo/media/doc/health_infrastructure_security_and_accountability_act_leg_text.pdf).
This is all well and good for those for-profit entities such as United
Healthcare, Humana, or CHI who have fairly deep pockets. The big question is
where does this leave nonprofit entities struggling to provide safety net
services on sliding fee schedules depending on decreasing reimbursements and
grant funding to survive?
Microsoft and Google, working with the White House, have
come up with a so-called plan to help, consisting of free and discounted
cybersecurity resources to assist in enhancing health care cybersecurity. I
call this a so-called solution because it only addresses one discrete area of
need, rural hospitals. What this completely misses are the over 1,400 Federally
Qualified Health Care (FQHC) centers operating at more 15,000 sites serving
more than 26.6 million patients per year or the over 5,200 rural health clinics
(RHC) serving more than 37.7 million patients per year, both providing integrated
outpatient care to those who otherwise would not have access to health care or
couldn’t afford it. These organizations survive on shoestring budgets where the
goal is to dedicate every penny possible to patient service. With cybersecurity
threats increasing in complexity and number almost daily, it is nearly
impossible for these organizations to keep up. Yet instead of providing help
where it is actually needed, our technology industry and government make
superficial efforts to look like they are helping with the problem while
Congress seeks to pass more stringent regulations without any assistance in
meeting those regulations.
If you have been watching the news lately, you have seen a
number of rural and nonprofit health care organizations closing facilities at a
breakneck pace because the margins are so low that they cannot survive. When we
layer in the hundreds of thousands of dollars or more that each health care organization
is going to have spend to keep up with cybersecurity threats, that means we can
expect to see even more health care facilities closing in the areas where they
are needed most. We aren’t talking about metro areas like Los Angeles or
Chicago, we are talking rural, less densely populated areas such as rural areas
of Nevada, Utah, Colorado, Arizona, California, and much of the southern United
States. On average, these residents tend to be older and potentially require
more medical attention than the average person. In an article published in the Journal
of the Missouri State Medical Association (https://pmc.ncbi.nlm.nih.gov/articles/PMC6140198/),
it was stated that while 20% of Americans live in rural areas, only one-tenth
of physicians practice there.
My call to action is this: While we all agree that increased
cybersecurity in health care is necessary and we are all tired of reading about
the breaches, we need to come up with some real solutions to assist this
industry, especially the safety net and rural providers who are hit hardest by
the extra costs that these initiatives bring. We need to stop complaining and
put together real action plans because our health care industry is already
straining and struggling and the added burden of increased costs around
cybersecurity is enough to break it where it is needed most.
In my next post, I will attempt to provide some suggestions as to how we might be able to attempt to solve this problem.
No comments:
Post a Comment