• LABline
  • Magazine Archive
  • Webinars
  • Whitepapers
  • eBooks
  • Videos
  • Subscribe
    1. Information Technology
    2. Data Management

    HHS announces next steps in ongoing work to enhance cybersecurity for healthcare and public health sectors

    Dec. 7, 2023
    Concept paper highlights ongoing and planned steps to improve cyber resiliency and protect patient safety.
    Photo 152345306 © Leowolfert | Dreamstime.com
    dreamstime_xxl_152345306

    The U.S. Department of Health and Human Services (HHS) released a concept paper that outlines the Department’s cybersecurity strategy for the healthcare sector.

    The paper details four pillars for action, including publishing new voluntary healthcare-specific cybersecurity performance goals, working with Congress to develop supports and incentives for domestic hospitals to improve cybersecurity, and increasing accountability and coordination within the health care sector.

    According to the HHS Office for Civil Rights (OCR), cyber incidents in healthcare are on the rise. From 2018-2022, there has been a 93% increase in large breaches reported to OCR (369 to 712), with a 278% increase in large breaches involving ransomware. Cyber incidents affecting hospitals and health systems have led to extended care disruptions, patient diversions to other facilities, and delayed medical procedures, all putting patient safety at risk.

    The HHS concept paper outlines the following actions:

    • Publish voluntary Healthcare and Public Health sector Cybersecurity Performance Goals (HPH CPGs). HHS will release HPH CPGs to help health care institutions plan and prioritize implementation of high-impact cybersecurity practices.
    • Provide resources to incentivize and implement cybersecurity practices. HHS will work with Congress to obtain new authority and funding to administer financial support and incentives for domestic hospitals to implement high-impact cybersecurity practices.
    • Implement an HHS-wide strategy to support greater enforcement and accountability. HHS will propose new enforceable cybersecurity standards, informed by the HPH CPGs, that would be incorporated into existing programs, including Medicare and Medicaid and the HIPAA Security Rule.
    • Expand and mature the one-stop shop within HHS for healthcare sector cybersecurity. HHS will mature the Administration for Strategic Preparedness and Response’s (ASPR) coordination role as a “one-stop shop” for healthcare cybersecurity which will improve coordination within HHS and the Federal Government, deepen HHS and the Federal government’s partnership with industry, improve access and uptake of government support and services, and increase HHS’s incident response capabilities.

    HHS release

    Courtesy of VERICHEM
    Photo 154742180 © Pop Nukoonrat | Dreamstime.com
    Photo 109105905 © BiancoBlue | Dreamstime.com
    Photo 244339407 © Andrew Angelov | Dreamstime.com
    Photo 122442631 © Leowolfert | Dreamstime.com