HHS Launches Cybersecurity Web Resource for the Healthcare and Public Health Sector

The Department of Health and Human Services is facing an unprecedented number of cyber threats and more data breaches are now being reported than at any other time in history. 2021 looks like it is going to be another record-breaking year in terms of the number of reported breaches and the second worst-ever year in terms of the numbers of breached records. Cybersecurity has never been more important.

The cyber threat landscape is constantly changing and the increase in the use of Internet-of-things (IoT) devices means the attack surface has grown considerably. Protecting healthcare devices, networks, and data can be a significant challenge. While large health systems typically have a CISO to oversee cybersecurity and skilled staff to implement security policies and procedures in line with industry best practices, small- to medium-sized healthcare organizations may struggle.

To help ensure that healthcare organizations of all sizes have the information they need to defend against cyber-attacks and other security threats, the HHS’ 405(d) Task Group has created a new website of cybersecurity resources for the healthcare and public health sector, as part of the HHS 405(d) Aligning Health Care Industry Security Approaches Program.

The 405(d) program and the associated advisory group were created under section 405(d) of the Cybersecurity Act of 2015. The 405(d) Task Group comprises more than 150 experts from the federal government and healthcare industry that have been working on aligning industry security practices and developing methodologies and guidance to help strengthen cybersecurity across the entire healthcare industry.

“The new 405(d) Program website is a step forward for HHS to help build cybersecurity resiliency across the Healthcare and Public Health Sector. This is also an exciting moment for the HHS Office of the Chief Information Officer in our ongoing partnership with industry,” said Christopher Bollerer, HHS Acting Chief Information Security Officer.

The website serves as a one-stop shop for cybersecurity resources and best practices and includes guidance documents, training material such as posters and videos, and newsletters to raise awareness of threats to the healthcare sector, to drive behavioral change, and ensure greater consistency in mitigating cyber threats.

“This website is the first of its kind! It’s a unique space where the healthcare industry can access vetted cybersecurity practices specific to the HPH sector on a federal government website. I think it’s a great resource for the HPH sector to turn to and will surely be a go-to site for organizations that want to better protect their patients and facilities from the latest cybersecurity threats,” said Erik Decker, 405(d) Task Group Industry co-lead.