Eric Geller reports:
The U.S. government is struggling to convince hospitals that they need to spend time and money fighting hackers and provide useful advice to them, a problem that could have lethal consequences as the country’s ransomware crisis rages on.
“I don’t think we’ve figured out how to talk to the small and medium-sized organizations in a way that actually reaches them, and I don’t think we’ve come up with a convincing story” about why cybersecurity matters, Jessica Wilkerson, a senior cyber policy adviser at the Food and Drug Administration, said Wednesday at the Billington Cyber Summit in Washington.
Read more at The Messenger.
“The definition of insanity is doing the same thing over and over and expecting a different result” is a famous quote often attributed to Albert Einstein.
If what the government is saying and doing isn’t working, what will work?
Maybe it’s time for the government to give more financial support and technical help to hospitals, but with a mandate that they SHALL implement certain cybersecurity protections in a tiered structure and timeline or they will be fined. And maybe it’s time HHS starts imposing more monetary penalties on entities that fail to comply with the HIPAA Security Rule, including timely notification obligations.