HHS awards funding to help protect health sector against cyber threats
The U.S. Department of Health and Human Services (HHS) has awarded cooperative agreements totaling $350,000 to strengthen the ability of health care and public health sector partners to respond to cybersecurity threats. The agreements will foster the development of a more vibrant cyber information sharing ecosystem within the health care and public health sector.
HHS’ Office of the National Coordinator for Health Information Technology (ONC) awarded a cooperative agreement to the National Health Information Sharing and Analysis Center (NH-ISAC) of Ormond Beach, Florida to provide cybersecurity information and education on cyber threats to healthcare sector stakeholders. HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) awarded a cooperative agreement to NH-ISAC to help build the infrastructure necessary to disseminate cyber threat information securely to healthcare partners.
“These agreements mark a critical first step toward addressing the growing threat cybersecurity poses to the health care and public health sector,” said Dr. Nicole Lurie, HHS’ assistant secretary for preparedness and response. “Creating a more robust exchange about cybersecurity threats will help the industry prevent, detect and respond to these threats and better protect patients’ privacy and personally identifiable information.”
“The security of electronic health information is foundational to our increasingly digitized health system,” said Dr. Vindell Washington, national coordinator for health information technology. “This funding will help healthcare organizations of all sizes more easily and effectively share information about cyber threats and responses in order to protect their data and the health of their patients.”
Security breaches and ransomware attacks on the healthcare system have been on the rise in recent years, as has the average cost associated with these attacks. Today, the cost of cybersecurity breaches averages $3.8 million per attack, according to a recent study . While some healthcare entities have adequate resources to contract with information sharing and analysis organizations that could to inform them about cyber incidents, smaller healthcare entities often do not.
Through a streamlined cyber threat information sharing process, HHS will be able to send cyber threat information to a single entity, which then will share that information widely to support the full range of stakeholders. This approach helps ensure that smaller health care providers have the information they need to take appropriate action.
The agreements also will help build the capacity of NH-ISAC to receive cyber threat information from member healthcare entities. Information about any system breaches and ransomware attacks will be relayed through a more robust cyber information sharing environment, as will information about steps healthcare entities should take to protect their health information technology systems.
ASPR leads HHS in preparing the nation to respond to and recover from adverse health effects of emergencies, supporting communities’ ability to withstand adversity, strengthening health and response systems, and enhancing national health security. To learn more about ASPR, visit the HHS public health and medical emergency website, phe.gov.
ONC is the principal federal entity charged with coordination of nationwide efforts to implement and use the most advanced health information technology and the electronic exchange of health information. To learn more about ONC, visit HealthIT.gov.
HHS is the principal federal agency for protecting the health of all Americans and providing essential human services, especially for those who are least able to help themselves.