The U.S. Department of Health and Human Services (HHS) has unveiled a proposed article outlining the cybersecurity strategy for the medical sector. The conceptual paper delves into various strategies for mitigating cyber attacks that affect all stakeholders in hospital operations.
According to an HHS news release, the paper delineates four action objectives. These include establishing new voluntary health care-related cybersecurity performance goals, collaborating with Congress to advance measures enabling domestic hospitals to enhance their cybersecurity, and fostering greater accountability and coordination within the medical field.
"Since entering office, the Biden-Harris Administration has worked to strengthen the nation's defenses against cyberattacks. The health care sector is particularly vulnerable, and the stakes are especially high. Our commitment to this work reflects that urgency and importance," said HHS Secretary Xavier Becerra. "HHS is working with health care and public health partners to bolster our cyber security capabilities nationwide. We are taking necessary actions that will make a big difference for the hospitals, patients, and communities who are being impacted."
The HHS Office for Civil Rights (OCR) reports a surge in cyber incidents within the healthcare field, with a 93% increase in large breaches and a 278% increase in significant breaches involving ransomware. Such disruptions can lead to extended medical care durations, necessitate patient transfers to other hospitals, and cause suspended medical procedures—thereby jeopardizing patient safety.
"Hospitals across the country have experienced cyberattacks, leading to cancelled medical treatments and stolen medical records. Such impacts are preventable – to keep Americans safe, the Biden-Harris Administration is establishing strong cybersecurity standards for health care organizations and enhancing resources to improve cyber resiliency across the health sector," said Anne Neuberger, deputy national security adviser for cyber and emerging technologies. "Today’s announcement by HHS builds on Biden-Harris Administration’s work to operationalize smart cybersecurity practices in our nation’s most critical sectors, like pipelines, aviation, and rail systems."