The Department of Health and Human Services (HHS) Cybersecurity Task Force announced new resources to prevent security failures and data breaches in the health sector.
What happened
The HHS 405(d) Program and the Health Sector Coordinating Council Cybersecurity Working Group (HSCC CWG) are working together to meet increasing demands for cybersecurity in the health sphere.
The task force recently announced three free educational resources, which include:
Knowledge on Demand: The first platform from the HHS that offers a variety of cybersecurity trainings via PowerPoint and video. Trainings apply to health organizations and the general health workforce, including topics like ransomware, defending against data attacks, and more.
Health Industry Cybersecurity Practices (HICP) 2023: an extensive publication developed after the Cybersecurity Act of 2015 outlining the biggest cybersecurity risks, the best practices for health organizations, and consensus-based standards for cybersecurity. The report consulted with over 150 professionals to include cost-effective practices to prevent security threats.
Hospital Cyber Resiliency Initiative Landscape Analysis: A comprehensive report on the state of cybersecurity for hundreds of domestic hospitals. The report outlines how these hospitals stack up against the Health Industry Cybersecurity Practices and the National Institute of Standards and Technology Cybersecurity Framework.
Why it matters
The educational resources provided by the HHS task force show a significant commitment to cybersecurity in the health sector and follows multiple data leaks and cybersecurity failures.
Read More: 98.6% of hospitals use tracking that puts patient privacy at risk.
The reports and platform are one of the first comprehensive attempts to empower organizations alongside workers in improving cybersecurity.
What was said
According to Deputy Secretary Andrea Palm, “Cyberattacks are one of the biggest threats facing our health care system today, and the best defense is prevention.” Palm hopes organizations will use the trainings in Knowledge on Demand to better educate their workers. She explains, “This is part of HHS’s continued commitment to working with hospitals, Congress, and industry leaders in protecting America’s patients.”
The task force also hopes that the HICP publication and Hospital Cyber Resiliency Initiative Landscape Analysis report will encourage professionals to look deeper into their potential vulnerabilities.
Erik Decker, Vice President and Chief Information Security Office of Intermountain Health and Chair of the Health Sector Coordinating Council Cybersecurity Working Group, states, “Staying current and responsive to evolving cyber threats is critical to protecting patient safety.”
The bottom line
Cybersecurity continues to evolve in response to the latest threats and challenges to healthcare privacy. The task force says, “Cybersecurity requires us to be flexible and preemptive and HHS looks forward to helping the HPH secretary uphold patient safety.”
Related: HIPAA Compliant Email: The Definitive Guide
Abby Grifno
