Thursday, March 30, 2023

Press Release: HHS Partners with the Private Sector to Enhance Cybersecurity across Health Systems and Address Future Vulnerabilities

Today, the U.S. Department of Health and Human Services (HHS), through the Administration for Strategic Preparedness and Response (ASPR), released a cybersecurity implementation guide to help the public and private health care sectors prevent cybersecurity incidents. The Cybersecurity Framework Implementation Guide provides specific steps that health care organizations can take immediately to manage cyber risks to their information technology systems.

“Cyber incidents pose risks to patient data, intellectual property, scientific or laboratory research, medical manufacturing, and ultimately the ability of health care organizations to safely serve their patients,” said HHS Deputy Secretary Andrea Palm. “The release of this guide will help health care organizations become better equipped to assess and improve their cybersecurity.”

The was jointly developed by HHS ASPR and the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group, a public-private partnership under Presidential Policy Directive 21.  The National Institute for Standards and Technology (NIST) and other federal agencies contributed substantially to its content. Recent high-profile cyberattacks reinforce the need for companies and organizations to assess their cyber health and resilience and take actions to improve cybersecurity.

Cyber incidents can cause doctors to lose access to critical monitoring and record systems, patients may need to be transferred to different facilities which can delay their care, and equipment can go down forcing the use of manual processes – impacting the safety and wellbeing of patients.

“Health care cyberattacks are among the fastest growing type of cybercrime – jeopardizing patient care, damaging the integrity of health care systems, and threatening the U.S. economy,” said Assistant Secretary for Preparedness and Response Dawn O’Connell. “Health care organizations must safeguard their information technology systems to help prevent attacks and create a culture of cyber safety in the health care industry.”

Using this guide, health care organizations can assess their current cybersecurity practices and risks – identifying gaps for remediation. The guide serves as a roadmap for health care and private health sector organizations to implement the NIST Cybersecurity Framework, including:

  • Guiding risk management principles and best practices
  • Providing common language to address and manage cybersecurity risk
  • Outlining a structure for organizations to understand and apply cybersecurity risk management
  • Identifying effective standards, guidelines, and practices to manage cybersecurity risk cost-effectively based on business needs

The 2018 NIST Framework for Improving Critical Infrastructure Cybersecurity is a risk management model that has become the standard for government agencies and industry in managing cybersecurity risks. The guide released today adapts the 2018 NIST Framework for health care organizations. Using the guide released today, health care organizations, will be better equipped to implement the security framework using their existing security measures with minimal disruptions to their current operations.

“This is another great step forward in strengthening the partnership between HHS and the Health Sector Coordinating Council,” said HHS Chief Information Security Officer La Monte R. Yarborough. “This Framework Implementation Guide joins a growing list of jointly produced resources that are aligned with the NIST framework – allowing organizations of all sizes to implement cybersecurity best practices, protect their patients, and make the sector more resilient.” Read the full press release here.


Please enter your comment!
Please enter your name here

FedHealthIT Xtra – Find Out More!

Recent News

Don’t Miss A Thing

Jackie Gilbert
Jackie Gilbert
Jackie Gilbert is a Content Analyst for FedHealthIT and Author of 'Anything but COVID-19' on the Daily Take Newsletter for G2Xchange Health and FedCiv.

Subscribe to our mailing list

* indicates required