Summary of the Department of Health and Human Services
Healthcare Sector Cybersecurity Strategy
Cyber incidents in all industries, including healthcare, are on the rise. In response, the United States government released the National Cyber Security Strategy Guidance - Cybersecurity Performance Goals in July of 2023.

The Department of Health and Human Services (HHS) has issued:
- Voluntary healthcare cybersecurity guidance
- Cybersecurity training support for small and mid-sized healthcare organizations
- Quality System Considerations for medical devices
- Telehealth guidance for patients and providers

These Cybersecurity Performance Goals will:
- Help healthcare institutions prioritize critical implementation
- Include both essential (immediate) and enhanced (longer term) goals

The HHS will obtain new authority for:
- Updating HIPAA to include new cybersecurity requirements and imposing new Medicare and Medicaid requirements
- Conducting investigations and proactive audits and increasing monetary penalties for violations

The HHS will obtain new funding for:
- Technical assistance for low-resourced organizations to improve compliance
- Defraying upfront costs associated with implementing “essential” goals
- Offering incentive programs to encourage hospitals to implement “enhanced” goals

How Security Counsel can help:
- We can help you understand and implement the recommendations surrounding these Cybersecurity Performance Goals
- We help you achieve the essential goals quickly and systematically work toward the enhanced goals
- We have a specialized focus on healthcare organization cybersecurity operations
- We can help you understand the available Federal funding to help offset some of the costs of this effort
- One of our board members, a CISO at a large healthcare network, was an integral part of the team that drafted the guidance

- Hospital Personnel: through phishing, ransomware and other human-centered means
- System Vulnerabilities: hospital infrastructure and security operations deficiencies
- Compliance Challenges: HIPAA, HICP 405D, and other patient-centric requirements

- Cyberattacks involved over 40M individual patient records in the first half of 2023
- Attacks are up 104% from the second half of 2022 to the first half of 2023
- 57% of healthcare providers reported negative patient outcomes due to cyberattacks

The full document: Healthcare Sector Cybersecurity – Introduction to the strategy of the U.S. Department of Health and Human Services

See how Security Counsel can help you create your robust Healthcare Security Program
The full cybersecurity team at the Department of Health and Human Services consists of these organizations