Today, the U.S. Department of Health and Human Services (HHS), through the Administration for Strategic Preparedness and Response (ASPR), released voluntary health care specific cybersecurity performance goals (CPGs) and a new gateway website to help Health Care and Public Health (HPH) sector organizations implement these high-impact cybersecurity practices and ease access to the plethora of cybersecurity resources HHS and other federal partners offer.
As outlined in the recent HHS Health Care Sector Cybersecurity concept paper, HHS is publishing the CPGs to help health care organizations, and health care delivery organizations in particular, prioritize implementation of high-impact cybersecurity practices. The HPH CPGs are designed to better protect the healthcare sector from cyberattacks, improve response when events occur, and minimize residual risk. HPH CPGs include both essential goals to outline minimum foundational practices for cybersecurity performance and enhanced goals to encourage adoption of more advanced practices.