Chapter One—“Why Should We Care?”—gives a high-level overview describing the cybersecurity challenges and constraints facing the healthcare sector. Some of these challenges are unique to healthcare while others will be familiar to cybersecurity experts in other fields. The chapter will be most useful for those who want to better understand the cybersecurity threats the healthcare sector will face over the next five years. This chapter is designed to give action-oriented colleagues a set of arguments to support their efforts for change.
Chapter Two of this report—“How Did We Get Here?”—looks back at the major policies, technological innovations, and cybersecurity incidents that have shaped the current healthcare cybersecurity landscape. This chapter is for those who want to better understand the structural context underpinning technology and cybersecurity developments in the healthcare sector. By providing historical context, we hope to help ensure that future efforts will build on, rather than repeat, past attempts at improvement.
Chapters Three, Four, and Five constitute the major policy recommendations of this report. Each one tackles a set of recommendations centered on one of the three pillars mentioned above, culture, technology, and workforce. The policies in these chapters are relevant for policymakers in federal, state, and local governments, as well as healthcare leaders who can shape the internal policies of their health systems and organizations.