Enhancing Cybersecurity in the Health and Human Services in the US

Health and Human Services (HHS) has released a concept paper outlining its cybersecurity strategy for the health care sector, building on President Biden’s National Cybersecurity Strategy. The paper details four pillars: publishing voluntary health care–specific cybersecurity performance goals, working with Congress to support and incentivize cybersecurity improvements in domestic hospitals, and increasing accountability and coordination within the sector. HHS Secretary Xavier Becerra emphasized the urgency of strengthening cybersecurity to protect hospitals, patients, and communities from the growing threat of cyberattacks, which have risen significantly in recent years, leading to severe disruptions and risks to patient safety.

The concept paper highlights the increasing prevalence of cyber incidents in health care, noting a 93% increase in large breaches from 2018 to 2022, with ransomware attacks surging by 278%. These breaches have resulted in extended care disruptions and delayed medical procedures. HHS plans to publish cybersecurity performance goals, provide financial incentives for hospitals to enhance their cybersecurity practices, and propose new enforceable standards informed by these goals. Additionally, HHS will strengthen its coordination and incident response capabilities through the Administration for Strategic Preparedness and Response, aiming to improve the sector’s overall cyber resilience and protect patient safety.

Continue Reading here.