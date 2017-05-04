The health care system cannot deliver effective and safe care without deeper digital connectivity. If the health care system is connected, but insecure, this connectivity could betray patient safety, subjecting them to unnecessary risk and forcing them to pay unaffordable personal costs. Our nation must find a way to prevent our patients from being forced to choose between connectivity and security. In the Cybersecurity Act of 2015 (the Act), Congress established the Health Care Industry Cybersecurity (HCIC) Task Force to address the challenges the health care industry faces when securing and protecting itself against cybersecurity incidents, whether intentional or unintentional. Real cases of identity theft, ransomware, and targeted nation-state hacking prove that our health care data is vulnerable. Data collected for the good of patients and used to develop new treatments can be used for nefarious purposes such as fraud, identity theft, supply chain disruptions, the theft of research and development, and stock manipulation. Most importantly, cybersecurity attacks disrupt patient care (References to Figure 1 found below)1 . The health care industry in the United States is a mosaic, including very large health systems, single physician practices, public and private payers, research institutions, medical device developers and software companies, and a diverse and widespread patient population. Layered on top of this is a matrix of well-intentioned federal and state laws and regulations that can impede addressing issues across jurisdictions. This creates the potential to develop barriers to innovation and ease of use. Within this complex network, patients must be protected from harms that may stem from cybersecurity vulnerabilities and exploits. Now more than ever, all health care delivery organizations (including all constituents referred to above) have a greater responsibility to secure their systems, medical devices, and patient data. Most health care organizations face significant resource constraints as operating margins can be below one percent. Many organizations cannot afford to retain in-house information security