The U.S. Department of Health and Human Services (HHS) announces next steps in ongoing efforts to strengthen cybersecurity in the healthcare and public health sectors

The concept paper highlights measures being taken and planned to improve cyber resilience and protect patient safety.

Washington The U.S. Department of Health and Human Services (HHS) today released a concept paper outlining its cybersecurity strategy for the health care sector. The concept paper builds on the National Cybersecurity Strategy released by President Biden last year, with a specific focus on strengthening the resilience of hospitals, patients and communities threatened by cyberattacks. The document details four pillars of action, including issuing new voluntary health care-specific cybersecurity performance goals, working with Congress to provide support and incentives for domestic hospitals to improve cybersecurity, and strengthening accountability and accountability within the health care sector. coordination.

According to the HHS Office for Civil Rights (OCR), cyber incidents in the healthcare field are on the rise. From 2018 to 2022, large breaches reported to OCR increased by 93% (369 to 712), including a 278% increase in large breaches involving ransomware. Cyber ​​incidents affecting hospitals and health systems result in extended interruptions in care, transfers of patients to other facilities, and delays in medical procedures, all of which put patient safety at risk.

Since taking office, the Biden-Harris administration has worked to strengthen the nation’s defenses against cyberattacks. The healthcare industry is particularly vulnerable and the risks are particularly high. “Our commitment to this work reflects this urgency and importance,” said U.S. Health and Human Services Secretary Xavier Becerra. HHS is working with health care and public health partners to enhance our cybersecurity capabilities across the country. We are taking necessary actions that will have a significant impact on affected hospitals, patients and communities.

Hospitals across the country have been hit by cyberattacks, resulting in canceled medical treatments and theft of medical records. To ensure Americans are safe and this impact is preventable, the Biden-Harris Administration is developing strong cybersecurity standards for health care organizations and increasing resources to improve cyber resiliency across the health sector, including with Congress works together to provide financial support for hospitals. Anne Neuberger, deputy national security adviser for cyber and emerging technologies, said today’s announcement from the Department of Health and Human Services builds on the Biden-Harris Administration’s commitment to strengthening our nation’s most critical sectors, such as pipelines, aviation and railway systems) based on the implementation of smart network security practices.

The healthcare industry is experiencing a significant increase in cyberattacks, putting patient safety at risk. HHS Undersecretary Andrea Palm said these attacks expose vulnerabilities in our health care system, reduce patient trust, and ultimately compromise patient safety. HHS takes these threats very seriously, and we are taking steps to ensure hospitals, patients, and communities affected by cyberattacks are better prepared and safer.

The HHS concept paper outlines the following actions:

  • Release of voluntary Healthcare and Public Health Cybersecurity Performance Targets (HPH CPG). HHS will publish the HPH CPG to help health care organizations plan and prioritize high-impact cybersecurity practices.
  • Provide resources to inspire and implement cybersecurity practices. The U.S. Department of Health and Human Services will work with Congress to obtain new authority and funding to administer financial support and incentives for domestic hospitals to implement high-impact cybersecurity practices.
  • Implement HHS-wide strategies to support enhanced enforcement and accountability. HHS will propose new enforceable cybersecurity standards, notified by the HPH CPG, that will be incorporated into existing programs, including Medicare and Medicaid and the HIPAA Security Rule.
  • Expand and mature the one-stop shop for healthcare sector cybersecurity within HHS. HHS will improve the coordination role of the Administration for Strategic Preparedness and Response (ASPR) as a one-stop service center for healthcare cybersecurity. This will improve coordination within HHS and the federal government and deepen HHS and federal and industry partners. relationships, improve access to and uptake of government supports and services, and enhance HHS’s incident response capabilities.

The full concept paper is available here.

The President’s National Cybersecurity Strategy is available here.

#U.S #Department #Health #Human #Services #HHS #announces #steps #ongoing #efforts #strengthen #cybersecurity #healthcare #public #health #sectors
Image Source : www.hhs.gov

Leave a Comment