How HHS has strengthened cybersecurity of hospitals and health care systems

Andrea Palm, Deputy Secretary of the U.S. Department of Health and Human Services (HHS), outlines the agency’s ongoing efforts to address the growing threat of cyberattacks on hospitals and health care systems. As the department’s chief operating officer, Palm highlights HHS’s focus on three key areas: policy and regulation, resources, and sector coordination, emphasizing the strategic actions taken to enhance cybersecurity and safeguard patient care.

HHS has implemented cybersecurity performance goals for health organizations, updated the Health Insurance Portability and Accountability Act Security Rule, and introduced new cybersecurity requirements for medical devices and payers. In addition, the agency has allocated $240 million in hospital preparedness funding and over $50 million in new technology investments to improve the patching of security vulnerabilities and support under-resourced organizations. HHS has also introduced infrastructure to help hospitals maintain operations during cyber incidents.

To strengthen sector-wide resilience, HHS has improved coordination with federal and private sector partners, created a “one-stop shop” for health care sector cybersecurity, and provided cyber awareness training for staff. Palm emphasizes the importance of continuing to support smaller organizations, utilizing artificial intelligence (AI) in cybersecurity efforts, and maintaining a sector-wide approach to protect interconnected health systems from evolving cyber threats. To learn more about how HHS is working to strengthen cybersecurity across the health care sector, visit the CyberScoop article.