Andrew Kagan - CTO - Planet Technologies
The Government Accountability Office (GAO) has criticized the Department of Health and Human Services (HHS) for falling short on its cybersecurity goals for the healthcare sector. The GAO has found that HHS needs to do more work on several security issues, including assessing appropriate cybersecurity practices, developing evaluation procedures for ransomware risk reduction, and performing risk evaluations of Internet of Things (IoT) and operational technology (OT) devices. The GAO has emphasized the need for further action, as cyberattacks on the health sector are becoming increasingly complex.
Despite the GAO's criticism, HHS has taken some steps to improve cybersecurity in the healthcare sector. In 2019, HHS, in collaboration with the Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST), and the Health Sector Coordinating Council (HSCC), established the Health Industry Cybersecurity Practices (HICP). These practices define cybersecurity best practices for hospital organizations and are considered "recognized security practices" by the Office for Civil Rights (OCR).
In addition to the HICP, Congress has proposed the Health Care Cybersecurity Resiliency Act of 2024 to strengthen healthcare cybersecurity. The bipartisan bill seeks to:
- Establish grants to help healthcare organizations improve cyberattack prevention and response.
- Ensure training is provided to healthcare entities on cybersecurity best practices.
- Improve collaboration between HHS and the Cybersecurity and Infrastructure Security Agency (CISA).
- Require the HHS Secretary to develop and implement a cybersecurity incident response plan.
The proposed legislation aims to address the increasing cyberattacks and ransomware attacks on the healthcare sector, which cause massive disruption to healthcare operations and put patients' sensitive health data at risk.
To help address the challenges faced by HHS, Microsoft Cloud for Healthcare provides a foundation of trust and security for healthcare organizations. Built on the Microsoft Cloud, this platform brings together capabilities from Microsoft Azure, Dynamics 365, Microsoft Power Platform, and Microsoft 365 to provide more efficient care and help ensure the end-to-end security and compliance of health data.
Here are some key aspects of Microsoft Cloud for Healthcare's secure foundation:
- Compliance with healthcare laws and regulations: The platform meets regional and local market security, privacy, and compliance regulations to differentiate the industry cloud.
- Security built into every layer: Microsoft prioritizes trust with global security, privacy, and compliance in everything it does.
- A unified data foundation: Tools provided by Microsoft allow healthcare organizations to bring in different types of healthcare data, transform it, and utilize it to build powerful AI solutions.
- Data governance and security: Healthcare application templates in Microsoft Purview help identify and protect PHI, ensuring compliance with regulations such as HIPAA.
- Enhanced data security: Features like encrypted data transfer, multi-factor authentication, and customizable security policies help protect critical data.
- Secure management of health data in the cloud: Azure API for FHIR and Azure Health Data Services offer scalable and secure environments for managing and storing PHI data.
Microsoft is also investing in innovations aiming to improve healthcare experiences and outcomes. These innovations include:
- Healthcare Agents in Microsoft Copilot Studio: This low-code toolkit enables the creation of AI agents that address healthcare's pressing needs while maintaining compliance with Microsoft's trustworthy AI commitments.
- Virtual Visits: The platform leverages Microsoft Teams to facilitate EHR-connected virtual visits, allowing care teams to launch collaboration and communication interactions directly from an EHR system.
- Power BI dashboards and reports: Healthcare organizations can gain valuable insights from clinical and operational data using Power BI dashboards and reports.
- Improved care coordination: Tools like Microsoft Teams for healthcare organizations enable secure sharing of health information from any location and device, improving communication and streamlining care coordination.