This past September, the U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency published a report designed to assess the health of the nation’s hospitals and health systems.
Perhaps unsurprisingly, the report, “‘Provide Medical Care’ is in Critical Condition: Analysis and Stakeholder Decision Support to Minimize Further Harm,” doesn’t offer encouraging news.
It finds the nationwide infrastructure enabling provision of medical care – one of CISA’s 55 national critical functions – severely strained by the COVID-19 pandemic and the resulting clinical, financial, workforce and supply chain challenges.
The concurrent cyber-pandemic of rampant ransomware and nation-state skullduggery has only compounded the difficulties faced by providers.
As the report notes: “Beyond the obvious consequences of disruptions to diagnostic, testing and treatment equipment, even minor reductions in efficiency caused by cyber-incidents compound to increase staff workload and degrade the system’s ability to provide medical care.”
At the upcoming HIMSS Healthcare Cybersecurity Forum, which kicks off next Monday, a CISA researcher will unpack the recent report – and offer some suggestions for how his agency can support struggling healthcare organizations.
To preview his session, “Healthcare is in Critical Condition,” Josh Corman, who has long IT security and public policy experience in the private sector and joined CISA this past year under the CARES Act as a senior advisor and strategist, spoke with Healthcare IT News about the report and what it means.
“We do regular, routine analysis of risk to the nation’s critical infrastructure and national critical functions throughout the pandemic,” Corman explained, noting that the assessment is both qualitative and quantitative. “This analysis is done for government stakeholders and decision-support within CISA, DHS and across agencies like HHS and CDC.”
Like many of the 55 other national critical functions during this time of upheaval – they include operate government, generate electricity, provide wireless access network services and maintain access to medical records – the NCF known as provide medical care “has been severely strained, stressed at various points throughout the pandemic.”
Aimed at various stakeholders – hospital leaders, healthcare providers, cybersecurity and IT professionals – the report explores several matters that most who have experienced the past two years “suspected or possibly or probably thought were intuitive,” Corman said. “But now we’ve got some hard data to show the impacts that are affecting their organizations.”
The report explores several areas of stress and strains for providers. For instance, Corman explained, “We have the first data sizing of the relationship, the correlation between IC bed utilization and excess deaths two, four and six weeks later.”
“It’s a novel set of findings, and it’s much different than, say, pre-pandemic excess death rates by sizing the shape of that curve. We hope to make sure that people who are making choices about hospital utilization are armed with this newer consequence information.”
The strains on the care delivery system – and the excess deaths they cause – can have severe upstream effects on broader infrastructure, workforce and, potentially, national security.
“An analysis of