
Summary of the Department of Health and Human Services Healthcare Sector Cybersecurity Strategy


Cyber incidents in all industries, including healthcare, are on the rise. In response, the United States government released the National Cyber Security Strategy Guidance - Cybersecurity Performance Goals in July of 2023.

The Department of Health and Human Services (HHS) has issued:

  • Voluntary healthcare cybersecurity guidance 

  • Cybersecurity training support for small and mid-sized healthcare organizations 

  • Quality System Considerations for medical devices 

  • Telehealth guidance for patients and providers

These Cybersecurity Performance Goals will: 

  • Help healthcare institutions prioritize critical implementation

  • Include both essential (immediate) and enhanced (longer term) goals

The HHS will obtain new authority for: 

  • Updating HIPAA to include new cybersecurity requirements and imposing new Medicare and Medicaid requirements

  • Conducting investigations and proactive audits and increasing monetary penalties for violations

The HHS will obtain new funding for: 

  • Technical assistance for low-resourced organizations to improve compliance 

  • Defraying upfront costs associated with implementing “essential” goals 

  • Offering incentive programs to encourage hospitals to implement “enhanced” goals

How Security Counsel can help: 

  • We can help you understand and implement the recommendations surrounding these Cybersecurity Performance Goals

  • We help you achieve the essential goals quickly and systematically work toward the enhanced goals

  • We have a specialized focus on healthcare organization cybersecurity operations

  • We can help you understand the available Federal funding to help offset some of the costs of this effort

  • One of our board members, a CISO at a large healthcare network, was an integral part of the team that drafted the guidance

Hospital Personnel
through phishing, ransomware and other human-centered means

System Vulnerabilities
hospital infrastructure and security operations deficiencies

Compliance Challenges
HIPAA, HICP 405D, and other patient-centric requirements

Cyberattacks involved over 40M individual patient records in the first half of 2023

Attacks are up 104% from the second half of 2022 to the first half of 2023

57% of healthcare providers reported negative patient outcomes due to cyberattacks


The full cybersecurity team at the Department of Health and Human Services consists of these organizations:

  • ASPR

  • ONC

  • HC3

  • 405d

  • OCR

  • ONS

  • FDA