HHS officials are interested in using ethical hackers to discover cyber vulnerabilities at the agency, reports Federal Times.
The agency is taking a page from the Department of Defense, which in March held a "Hack the Pentagon" program that invited ethical hackers to attempt to access the agency's networks to test and find vulnerabilities in the department's applications, websites and networks.
Lucia Savage, chief privacy officer of the ONC, floated the idea at the Collaboration of Health IT Policy and Standards Committees meeting June 23, according to Federal Times.
"This is a technique that has been found highly valuable in the rest of industry," Ms. Savage said at the meeting. "One of the things we are thinking about is how to get this to take root as a security hygiene process within the healthcare system."
However, she conceded ethical hacking can present security concerns in the medical device and EHR realm, such as how accessing a device — even by an ethical hacker with no malicious intent — could potentially disrupt the operation of a device, according to the report.
The ONC is reportedly working with the FDA on how to apply ethical hacking practices to the healthcare and medical devices sector.
More articles on cybersecurity:
The top 5 cybersecurity threats hospitals need to watch for
What the immune system can teach us about cybersecurity
Not just a hospital problem: Malicious code tops cybersecurity threat list for government entities