HHS announces next step in ongoing work to enhance cybersecurity for health care and public health sectors

The concept paper highlights ongoing and planned steps to improve cyber resilience and protect patient safety.

Washington The U.S. Department of Health and Human Services (HHS) today released a concept paper that outlines the department’s cybersecurity strategy for the health care sector. The concept paper builds on the National Cybersecurity Strategy that President Biden released last year, which focuses on strengthening the resiliency of hospitals, patients and communities particularly at risk from cyberattacks. The paper details four pillars for action, including publishing new voluntary health care-specific cybersecurity performance targets, working with Congress to develop support and incentives for domestic hospitals to improve cybersecurity, and increasing accountability and coordination within the health care sector.

According to the HHS Office for Civil Rights (OCR), cyber incidents in health care are on the rise. From 2018-2022, there has been a 93% increase in major breaches reported in OCR (369 to 712), with major breaches involving ransomware increasing by 278%. Cyber ​​incidents impacting hospitals and health systems have caused prolonged disruptions in care, diverted patients to other facilities and delayed medical procedures, putting patient safety at risk.

Since entering office, the Biden-Harris administration has worked to strengthen the country’s defenses against cyberattacks. The health care sector is particularly vulnerable, and the risks are particularly high. “Our commitment to this work reflects that urgency and importance,” said HHS Secretary Xavier Becerra. HHS is working with health care and public health partners to enhance our cybersecurity capabilities across the country. We are taking the necessary action that will make a big difference for the hospitals, patients and communities affected.

Hospitals across the country have been hit by cyber attacks, leading to medical treatments being canceled and medical records being stolen. To keep Americans safe and prevent such impacts, the Biden-Harris administration is setting stronger cybersecurity standards for health care organizations and increasing resources to improve cyber resiliency across the health sector, including hospitals. This includes working with Congress to provide financial support for. “Today’s announcement from HHS builds on the work of the Biden-Harris Administration to drive smart cybersecurity practices across our nation’s most critical sectors, such as pipeline, aviation, and rail systems,” said Anne Neuberger, Deputy National Security Advisor for Cyber ​​and Emerging Technologies. is based.

The health care sector is experiencing a significant increase in cyber attacks, putting patient safety at risk. “These attacks expose weaknesses in our health care system, undermine patient trust and ultimately jeopardize patient safety,” said HHS Deputy Secretary Andrea Palm. HHS takes these threats very seriously, and we are taking steps that will ensure our hospitals, patients, and communities affected by cyberattacks are better prepared and more secure.

The HHS concept paper outlines the following actions:

  • Publish voluntary health care and public health sector cyber security performance targets (HPH CPGs). HHS will release HPH CPGs to help health care institutions plan and prioritize the implementation of high-impact cybersecurity practices.
  • Provide resources to encourage and enforce cybersecurity practices. HHS will work with Congress to obtain new authorization and funding to provide financial assistance and incentives to domestic hospitals to implement high-impact cybersecurity practices.
  • Implement an HHS-wide strategy to support improved enforcement and accountability. HHS will propose new enforceable cybersecurity standards, informed by the HPH CPG, to be incorporated into existing programs, including Medicare and Medicaid and the HIPAA security rule.
  • Expand and mature the one-stop shop within HHS for healthcare cybersecurity. HHS will mature the Strategic Preparedness and Response Administration (ASPR) coordination role as a one-stop shop for health care cybersecurity that will improve coordination within HHS and the federal government, deepening HHS and the federal government’s partnerships with industry. will improve reach and uptake. Government assistance and services, and increased HHS incident response capabilities.

The full concept paper is available here.

The President’s National Cybersecurity Strategy is available here.

#HHS #announces #step #ongoing #work #enhance #cybersecurity #health #care #public #health #sectors
Image Source : www.hhs.gov

Leave a Comment