Anyone looking for a case study illustrating the speed of the evolving cyber threat need look no further than healthcare. The COVID-19 pandemic and rampant ransomware attacks shone a light on the cybersecurity threats facing the healthcare sector, as cybercriminals capitalized on the financial gain from stealing financial data and healthcare research. Despite being one of the first and most heavily regulated sectors for cybersecurity, the healthcare sector has remained one of the weakest sectors for cybersecurity. This chapter emphasizes that cybersecurity is a critical component of modern healthcare, and cybersecurity can pose additional risk to patients. This chapter recommends that cybersecurity investments be reclassified as an element of patient care within the medical loss ratio. It also calls for reduced regulation and increased incentives. For example, Meaningful Use requirements should be reduced or foregone entirely to allow for investment and use of health information exchanges to increase secure interoperability in the healthcare field. An incentive-focused regulatory approach would encourage more companies in the healthcare industry to make the investments necessary to protect information assets. With the right incentives, we drive good information security behavior today and continual good behavior going forward.
Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity
Lou DeSorbo is the Senior Vice President and Chief Information Security and Risk Officer for Centene Corporation. Previously, he served in a variety of leadership roles with Deloitte, Booz Allen Hamilton, the Joint Task Force – Global Network Operations (now U.S. Cyber Command) and Northrop Grumman and in the US Air Force. He holds an MBA from Colorado State University and a B.S. in Electronics Management from Southern Illinois University.
Jamison Gardner is a member the Georgetown Journal of Law and Public Policy and the First-Generation Student Union. He has a Juris Doctor from Georgetown Law.