The U.S. Department of Health and Human Services has created a new task force to help provide resources to address cybersecurity concerns in the healthcare and public health industries.
The HHS 405(d) Program and the Health Sector Coordinating Council Cybersecurity Working Group is leading the cybersecurity effort, according to an April 17 news release.
“Cyberattacks are one of the biggest threats facing our healthcare system today, and the best defense is prevention,” HHS Deputy Secretary Andrea Palm said in the release.
Resources include an updated version of the Health Industry Cybersecurity Practices 2023 edition and a Hospital Cyber Resiliency Initiative Landscape Analysis. Knowledge on Demand is a new platform that offers free cybersecurity training to the health sector workforce, the release said.
The Knowledge on Demand platform will provide free cybersecurity training for the health sector workforce in the areas of social engineering, ransomware, loss or theft of equipment or data, insider purposeful or accidental data loss and attacks on network-connected medical devices, according to the release.
“These trainings will serve as an asset to any sized organization looking to train staff in basic cybersecurity awareness and are offered free of charge, ensuring that those hospitals and health care organizations most vulnerable to attack can take steps toward resilience," Palm said in the release. "This is part of HHS’s continued commitment to working with hospitals, Congress and industry leaders in protecting America’s patients."
In response to the 2015 Cybersecurity Act, the HHS 405(d) Program was created, according to the release.
A common set of voluntary, consensus-based and industry-led cybersecurity guidelines, practices, methodologies, procedures and processes that healthcare organizations can use was developed by the group, which HHS established in accordance with Section 405(d), to "improve cybersecurity and harmonize industry approaches." The program's flagship publication, HICP, which came out in 2018, contains these elements, the release said.
More than 150 industry and government experts have updated HICP 2023 to include the most pertinent and economical means of protecting patients and reducing the current cybersecurity dangers that the HPH sector faces, the release reported.