Illustrating the growing concern in healthcare over protecting patients' personal information and safety from hackers, the American Hospital Association Feb. 20 announced it was creating a new position to advise the group on cybersecurity issues. The association, in a press release, announced it has hired John Riggi, a former FBI cybersecurity expert.
"Cybersecurity is on the top of every health leader's mind," AHA President and CEO Rick Pollack said in the release. "And John is nationally recognized as one of the best experts out there on healthcare cybersecurity."
After a 30-year career in the FBI, Riggi worked with the AHA to develop the group's cybersecurity education initiatives while leading the consulting firm BDO USA's cybersecurity and financial crimes practice.
While serving with the FBI's cyber division, he led a national program to work jointly with healthcare and other critical infrastructure to exchange information around national security and criminal cyberthreats, the release said.
A 2017 Symantec Corp. study found that 65% of health care officials said their organizations spent 6% or less of their IT budgets on security, less than half of what government and financial institutions spend.
A separate 2017 report by a health care cybersecurity task force created by Congress found that "most health care organizations face significant resource constraints as operating margins can be below one percent. Many organizations cannot afford to retain in-house information security personnel, or designate an information technology staff member with cybersecurity as a collateral duty."
Many of the organizations do not have the tools to identify and track threats, and have older computer systems with "large numbers of vulnerabilities and few modern countermeasures," the report said.