Cook Children’s 1
Theresa Meadows, RN, MS, CHCIO
Senior Vice President and CIO
Co-Chair HHS Health Care Cyber Security Task Force
July 2016
Cybersecurity:
President Obama named it
one of the most important
challenges we face as a
nation
Cook Children’s 2
Agenda
• About Cook Children’s Health Care System
• Healthcare Cybersecurity Taskforce
• Questions
Cook Children’s 3
About Cook Children’s
• Founded in 1918 – Fort Worth Free Baby Hospital
• Cook Children’s Hospital
• Fort Worth Children’s Hospital
• 1984 Merger: Cook-Fort Worth Children’s Medical Center
• 2013 Nationally recognized Integrated Delivery System
Cook Children’s 4
Cook Children’s Health Care System
• Eight Companies• CC Medical Center
• CC Physician Network
• CC Home Health
• CC Health Plan
• CC Health Foundation
• CC Northeast Hospital (JV)
• CC Pediatric Surgery Center
(JV)
• CC Health Services (for
profit)
Cook Children’s 5
Cook Children’s 6
Service Area Defined
Source: Claritas Demographics (2007)
6-County Service Area
Outlying Referral Area
Tarrant, Parker, Hood, Johnson, Wise, Denton (47% of state)
Cook Children’s 7
Why would I want to participate on this
taskforce?
Cook Children’s 8
280,000+ identified as attacks and stopped per month on average
Cook Children’s 9
“People should be able to easily and securely access their electronic health information and send it to any desired location. They need to be able to understand how their information can be shared and used. And they must be assured that this information will be effectively and safely used to benefit their health and that of their community.”
Secretary Sylvia Mathews BurwellDepartment of Health & Human Services (HHS)
Cook Children’s 10
History of the HealthCare Industry
Cybersecurity (HCIC)Task Force
• Established under Section 405 of the
CyberSecurity Information Sharing Act of
2015 (CISA)
• Purpose – To evaluate cybersecurity risks that
are unique to the healthcare industry and
recommend best practices to mitigate those
risks
• Term – Task force expires in March 2017
Cook Children’s 11
HCIC Task Force Responsibilities
A. Analyzing how other industries have implemented strategies and safeguards to
address cybersecurity threats;
B. Analyzing challenges and barriers the health care industry encounters when securing
itself against cyber attacks;
C. Reviewing the challenges to secure networked medical devices and other software
or systems that connect to an electronic health record;
D. Providing the Secretary with information to disseminate to healthcare industry
stakeholders to improve their preparedness for, and response to, cybersecurity
threats;
E. Establishing a plan to create a single system for the Federal Government to share
actionable intelligence regarding cybersecurity threats to the health care industry in
near real time for no fee; and
F. Reporting to Congress on the finding and recommendations of the task force
regarding how it carried out subsections A – E.
Cook Children’s 12
Criteria for selecting HCIC
Task Force Members• Service in a position of influence in an organization that is
representative of a component of the broad health care
and public health sector
• Experience in dealing with technical, administrative,
management, and/or legal aspects of health information
security
• Knowledge of major health information security policies,
best practices, organizations and trends
• Ability to participate actively in Task Force meetings and
contribute to the Task Force products
Cook Children’s 13
HCIC Taskforce Membership
• Federal Government
• Private Sector Healthcare
Organizations
• Public and Private sector
experts on information
technology and
cybersecurity
Sector Represented:
• Hospitals/Providers
• Pharmaceuticals
• Medical Devices
• Laboratories
• Health Plan/Payers
• Health Information &
Medical Technology
Cook Children’s 14
Keeping Public Engaged
• Hosting 4 public
meetings to update on
progress
• Next meetings occur
in October and
December
• HHS plans to launch a
blog to further engage
the public
Cook Children’s 15
HCIC Taskforce Progress
• Monthly meetings to discuss how to:
• Undertake the charge defined by the CISA
• Define which initiatives and products would
best serve the health care community
• Outline the scope of final findings and
recommendations to Congress
Cook Children’s 16
Continued progress
• Established internal working groups to more completely investigate
and address the broad range of issues affecting the health care
sector.
• Risk identification by Sector
• Risk category definition and priority
• Patient Safety
• Confidentiality
• Availability
• Integrity
• Determine shared risks across sectors
Cook Children’s 17
Process for final report creation
• Development of a framework
• Mapping requirements of the Act to working
group efforts
• Identification of best practices within other
critical infrastructure sectors
• Gaps and challenges for the healthcare sector
• Process for cyber information sharing
Cook Children’s 18
Questions?