Inside HHS: The ‘One-Stop Shop’ for Health Sector Cybersecurity

In a recent interview with Federal News Network, Brian Mazanec, Deputy Director of the Administration for Strategic Preparedness and Response (ASPR) at the Department of Health and Human Services (HHS), discussed the agency’s leadership in healthcare cybersecurity amid escalating ransomware threats.

Mazanec highlighted that ASPR has established a dedicated cybersecurity division focused on incident response, working closely with the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA). The agency is actively enhancing cybersecurity measures at healthcare facilities through grant funding and prioritizing third-party risk management.

In addition, ASPR is developing a sector risk assessment to bolster the healthcare sector’s overall risk posture and is improving internal communication within HHS. Plans include integrating cybersecurity performance goals into existing programs, revising HIPAA regulations, and launching a new Medicare incentive program in 2027, all designed to enhance compliance. While ASPR does not possess the authority to mandate cybersecurity requirements, Mazanec emphasized its vital role in facilitating sector discussions as the risk management agency. For further details, the full interview can be found at Federal News Network.