The United States Department of Health and Human Services (HHS) this week published a new concept paper, detailing its cybersecurity strategy on improving cyber protections for hospitals, patients, and other communities vulnerable to cyber attacks.
The paper lays out four main pillars of action, including publishing cybersecurity goals specific to the healthcare sector — providing health institutions with resources to improve cybersecurity measures in collaboration with Congress, setting cybersecurity standards for the healthcare sectors to ensure accountability, and improving coordination within HHS and the Federal Government to better cybersecurity in healthcare institutions.
The paper is an extension of the National CyberSecurity Strategy that President Joe Biden introduced last year.
“Since entering office, the Biden-Harris Administration has worked to strengthen the nation’s defenses against cyberattacks,” said HHS Secretary Xavier Becerra. “The healthcare sector is particularly vulnerable, and the stakes are especially high. Our commitment to this work reflects that urgency and importance. HHS is working with health care and public health partners to bolster our cyber security capabilities nationwide. We are taking necessary actions that will make a big difference for the hospitals, patients, and communities who are being impacted.”
It also comes as cyber incidents in the healthcare sector are seeing a significan rise. According to the HHS Office for Civil Rights (OCR), there’s been a jump of 93% in large breaches from 2018 to 2022. OCD also recorded a 278% increase in large attacks that involved ransomware.
“Hospitals across the country have experienced cyberattacks, leading to canceled medical treatments and stolen medical records,” said Anne Neuberger, Deputy National Security Adviser for Cyber and Emerging Technologies. “Such impacts are preventable — to keep Americans safe, the Biden-Harris Administration is establishing strong cybersecurity standards for health care organizations and enhancing resources to improve cyber resiliency across the health sector, including working with Congress to provide financial support for hospitals.
“Today’s announcement by HHS builds on Biden-Harris Administration’s work to operationalize smart cybersecurity practices in our nation’s most critical sectors, like pipelines, aviation, and rail systems.”
“The healthcare sector is experiencing a significant rise in cyberattacks, putting patient safety at risk,” said HHS Deputy Secretary Andrea Palm. “These attacks expose vulnerabilities in our healthcare system, degrade patient trust, and ultimately endanger patient safety. HHS takes these threats very seriously, and we are taking steps that will ensure our hospitals, patients, and communities impacted by cyberattacks are better prepared and more secure.”