A new organization has been formed to prevent and combat future cyber breaches in California’s health care industry, the state announced Nov. 2.
The Cyber-Health Information Technology Advisory Board will examine the cyber risks associated with everything from electronic health records to surgically implanted medical devices.
Board members include leaders in technology and digital health, and from industries including IT and cybersecurity, who will, among other things, look at past system hacks and what can be learned from them.
The effort is spearheaded by The Governor’s Office of Business and Economic Development (GO-Biz), California’s economic development and job creation organization.
“As a state with a worldwide reputation as technology leader, California is the ideal place to build this board to address key issues regarding the intersection of technology and healthcare,” said Leslie Saxon, MD, executive director of the USC Center for Body Computing (CBC), who will lead the advisory board.
Founded in 2006 by Saxon, the CBC was one of the nation’s first academically-based centers to focus on digital health solutions.
“We will be looking at vulnerabilities across healthcare and yes, learn and examine (previous) breeches, so that we can issue useful information on best practices, learn from each other and how to best implement strong tenets of cybersecurity disclosure from discovery, to information sharing to severity assessment and mitigation,” Saxon said.
One of the recent cyber hacks the board will be looking at is a global ransomware attack known as WannaCry that in May affected more than 200,000 computers in at least 100 countries.
Closer to home, from 2011 – 2015, Sutter Health suffered three major data breaches that potentially affected millions of patients.
In October 2011, Sutter Health reported the theft from its Sutter Medical Foundation of an unencrypted desktop computer containing information 4.2 million patients. That incident resulted in the filing of 11 class action lawsuits.
In September 2015, Sutter notified patients of a potential data breach after a former employee emailed electronic versions of billing documents to a personal account without authorization.
The incident compromised the information of more than 2,500 patients.
In 2016, computers at Marin Healthcare District’s nine medical care centers were hit with a virus that held data hostage. The district ended up paying an unspecified amount in ransom.
The advisory board will be operating from the patient’s viewpoint and interest in mind, Saxon said.
The advisory board will develop a white paper that outlines both immediate collaborative opportunities and a long-term strategy to strengthen the health care industry’s cybersecurity.
CORRECTION: The advisory board will not be looking at cyber breaches at Sutter Health or Marin Healthcare District.
Cynthia Sweeney covers health care, hospitality, residential real estate, education, employment and business insurance. Reach her at Cynthia.Sweeney@busjrnl.com or call 707-521-4259.