Dec 7 / CARE

HHS Outlines Continued Efforts to Strengthen Cybersecurity in Healthcare and Public Health

On December 6, 2023, the U.S. Department of Health and Human Services (HHS) unveiled a comprehensive cybersecurity strategy tailored for the healthcare sector. This strategy, encapsulated in a concept paper, aligns with the broader National Cybersecurity Strategy initiated by President Biden. The aim is to fortify the resilience of hospitals, patients, and communities against increasing cyber threats.

Key Highlights of the Strategy:

Four Pillars of Action

  1. Developing voluntary cybersecurity goals tailored for healthcare.
  2. Partnering with Congress to support and incentivize cybersecurity enhancements in hospitals.
  3. Proposing enforceable cybersecurity standards across the sector.
  4. Strengthening coordination and accountability within the healthcare industry.

Rising Cyber Threats

  • A 93% surge in major healthcare data breaches reported between 2018-2022.
  • A 278% increase in ransomware-related incidents, severely impacting healthcare operations and patient safety.

Commitment from HHS Leadership

  • HHS Secretary Xavier Becerra and Deputy Secretary Andrea Palm emphasize the administration's dedication to strengthening cybersecurity defenses in healthcare.
  • Recognizing the sector's vulnerability and the high stakes involved in protecting patient data and healthcare services.

Strategic Actions Outlined by HHS

  • Publishing Cybersecurity Performance Goals to guide healthcare institutions.
  • Seeking legislative support for financial incentives to implement robust cybersecurity practices.
  • Introducing new enforceable cybersecurity standards, informed by sector-specific goals.
  • Enhancing the coordination role of the Administration for Strategic Preparedness and Response, serving as a central hub for healthcare cybersecurity.

This expanded strategy reflects a deep understanding of the unique cybersecurity challenges faced by the healthcare sector and underscores the administration's proactive approach in addressing these issues. The strategy is not only about protecting data but also about ensuring the continuous delivery of critical healthcare services in a secure digital environment.