Greg Garcia, executive director of cybersecurity at the Health Sector Coordinating Council, said that regulatory policy moves by the federal government could encourage healthcare organizations to invest in cybersecurity, BankInfoSecurity reported Jan. 6.
"We've had a number of consultations with the Department of Health and Human Services about how we can better incentivize the healthcare industry to make those appropriate investments that maybe will move the needle toward a higher level of preparedness," said Mr. Garcia.
Currently, the Centers for Medicare and Medicaid Services is considering providing higher Medicare reimbursements as an incentive for good cybersecurity practices.
"If you can show that you are managing the security of medical devices in a more secure way, reimbursement can also be an incentive for that," said Mr. Garcia.
Mr. Garcia also said that HHS is considering grant programs for smaller hospitals if they invest in better cybersecurity.
"We think there is a lot that HHS can do," said Mr. Garcia.
The federal government has taken some steps to encourage healthcare entities to increase cybersecurity efforts. For example, an amendment to the HITECH Act signed into law in 2021 instructed HHS' Office for Civil Rights to consider whether a breached healthcare entity has made a good faith attempt to implement "recognized security practices" before issuing penalties.