HHS Releases Voluntary Cybersecurity Goals for the Healthcare Sector

From Healthcare Dive

Dive Brief:

  • The HHS released voluntary cybersecurity goals for healthcare and public health organizations on Wednesday, as the industry grapples with a growing number of large data breaches and ransomware attacks.
  • The performance goals, broken down into essential and enhanced safeguards, aim to help organizations prevent cyberattacks, improve their response if an incident occurs and minimize remaining risk after security measures are applied.
  • The resources come after the HHS released a concept paper in December, which detailed plans to create hospital cybersecurity requirements through Medicare and Medicaid and eventually update the HIPAA rule.

Dive Insight:

Healthcare data breaches — particularly those stemming from hacking — have risen over the past decade, exposing hundreds of millions of patients’ sensitive personal information or protected health data.

Breaches can be costly for healthcare organizations to manage, but cyberattacks that interrupt hospital operations are also a risk to patient safety.

Ransomware, where criminals demand payment in exchange for restored access to sensitive information and critical systems, can disrupt normal care for weeks.

Ardent Health Services, which runs facilities in multiple states, was hit by a ransomware attack on Thanksgiving, forcing the hospital operator to take its network offline and divert incoming ambulances. Ardent restored access to its electronic health record in early December and fully recovered its patient portal in January.

The new cybersecurity goals from the HHS aim to help healthcare organizations build layered protection against cyberattacks — so if one defense fails, another can serve as a backup — which the agency said is key to building resilience and protecting patients.

“We have a responsibility to help our health care system weather cyber threats, adapt to the evolving threat landscape, and build a more resilient sector,” HHS Deputy Secretary Andrea Palm said in a statement. “The release of these cybersecurity performance goals is a step forward for the sector as we look to propose new enforceable cybersecurity standards across HHS policies and programs that are informed by these CPGs.”

The essential goals, which include safeguards like email security, multifactor authentication and basic cybersecurity training for employees, create a base to help organizations manage common vulnerabilities.

The enhanced protections, like establishing processes to discover and address threats at vendors, separating critical assets into discrete network segments and cybersecurity testing, aim to help health systems mature their defenses.

Hospitals cheered the voluntary goals, with American Hospital Association president and CEO Rick Pollack recommending in an email statement that “all components of the healthcare sector implement these practices including third party technology providers and business associates.”

But the trade and lobbying group has previously argued that mandated cybersecurity standards tied to funding — which media reports suggest could be coming down the pike soon — could remove hospital resources that could be used to shore up their cyber defenses.

The post HHS Releases Voluntary Cybersecurity Goals for the Healthcare Sector appeared first on Pennsylvania Office of Rural Health.

Published in My Healthy Pennsylvania, Rural Health PA
