Getting your Trinity Audio player ready...
|
The advancement of healthcare is emerging to its cybersecurity frontier, where the U.S. Department of Health and Human Services (HHS) initiative serves as a cornerstone for fortifying the digital resilience of the healthcare industry. As healthcare increasingly relies on digital technologies to deliver patient care and manage sensitive health data, securing these systems from malicious cyber threats becomes paramount. The HHS strategy acknowledges the current surge in cyber incidents and proactively addresses the evolving nature of these threats.
The U.S. Department of Health and Human Services (HHS) has unveiled a concept paper outlining its cybersecurity strategy specifically tailored for the healthcare sector. Building upon President Biden’s National Cybersecurity Strategy, this initiative strongly emphasises fortifying resilience in the face of cyber threats targeting hospitals, patients, and communities.
The concept paper articulates a robust plan of action, encompassing the publication of new voluntary healthcare-specific cybersecurity performance goals, collaboration with Congress to institute supports and incentives for domestic hospitals to enhance cybersecurity, and an emphasis on accountability and coordination within the healthcare sector.
According to the HHS Office for Civil Rights (OCR), cyber incidents in the healthcare domain have seen a staggering increase, with a 93% rise in large breaches reported from 2018 to 2022 (from 369 to 712). Notably, incidents involving ransomware have surged by 278%. The repercussions of cyberattacks on hospitals and health systems have been severe, resulting in extended care disruptions, patient diversions, and delayed medical procedures, ultimately jeopardising patient safety.
HHS Secretary Xavier Becerra underscored the urgency of addressing cybersecurity vulnerabilities in the healthcare sector, acknowledging its high susceptibility. Becerra emphasised the Biden-Harris Administration’s commitment to bolstering nationwide cybersecurity capabilities in collaboration with healthcare and public health partners. The overarching goal is to substantially impact hospitals, patients, and communities grappling with the repercussions of cyber threats.
In acknowledging the challenges faced by the healthcare sector, the administration’s commitment extends beyond mere rhetoric, signalling a proactive stance to protect critical infrastructure. Becerra’s acknowledgement of the overarching goal underscores the administration’s dedication to significantly impacting hospitals, patients, and communities that bear the brunt of cyber threats. The focus extends beyond theoretical cybersecurity measures to tangible, real-world outcomes that ensure the safety and well-being of individuals reliant on healthcare services.
Further, Anne Neuberger, Deputy National Security Adviser for Cyber and Emerging Technologies, highlighted the preventable nature of impacts stemming from cyberattacks on healthcare organisations. Neuberger stressed the administration’s commitment to establishing robust cybersecurity standards and allocating resources to enhance cyber resiliency across critical sectors, drawing parallels with initiatives like pipelines, aviation, and rail systems.
Deputy Secretary Andrea Palm echoed the concerns about the escalating cyber threats in the healthcare sector, emphasising the need for comprehensive measures to ensure the preparedness and security of hospitals, patients, and communities. HHS’s concept paper delineates a multifaceted approach, encompassing the publication of voluntary Health care and Public Health sector Cybersecurity Performance Goals (HPH CPGs) to guide institutions in prioritising and implementing high-impact cybersecurity practices.
Additionally, HHS aims to collaborate with Congress to secure new authority and funding to incentivise hospitals to adopt these practices. The plan proposes enforceable cybersecurity standards, informed by the HPH CPGs, integrated into existing programmes. The initiative further seeks to expand and enhance HHS’s coordination role as a “one-stop shop” for healthcare cybersecurity, improving coordination within the federal government and fostering deeper partnerships with industry stakeholders.
As the HHS cybersecurity strategy unfolds, it is poised to set a precedent for safeguarding critical infrastructure in the healthcare sector, addressing current vulnerabilities and establishing a resilient foundation for the future. The comprehensive and collaborative approach outlined in the concept paper aligns with the evolving nature of cyber threats, demonstrating a commitment to proactive cybersecurity measures that transcend traditional boundaries.