HHS launches new website to boost cybersecurity protections in healthcare

The federal government is trying to send the message that “cyber safety is patient safety.”

To that end, the U.S. Department of Health and Human Services launched a new website offering healthcare providers resources to bolster their cybersecurity defenses. The website was developed by a task force consisting of representatives of industry and the federal government.

The website is for the 405(d) Aligning Health Care Industry Security Approaches Program. The site offers products, videos and educational tools to help promote good cybersecurity practices. The health department announced Wednesday that the site is up and running.

“The new 405(d) Program website is a step forward for HHS to help build cybersecurity resiliency across the Healthcare and Public Health Sector,” Christopher Bollerer, HHS Acting Chief Information Security Officer.

Hospitals and healthcare organizations have become tempting targets for hackers. Hospitals have been hit with ransomware attacks and other intrusions which have affected patient care and cost healthcare systems time and money.

The average cost of a data breach in the healthcare sector surpassed $7 million in 2020, according to the health department.

In 2021, healthcare organizations reported hundreds of cybersecurity incidents to the federal government.

Erik Decker, a co-leader of the industry task group working with the government, predicted the website will become an essential resource for healthcare organizations aiming to protect patients and their facilities.

“This website is the first of its kind! It’s a unique space where the healthcare industry can access vetted cybersecurity practices specific to the HPH sector on a federal government website,” Decker said in a statement.

Last month, the government offered another resource to the private sector: a catalog of known vulnerabilities for cyberattacks.

In November, federal authorities warned of attackers backed by the Iranian government targeting critical infrastructure, including the healthcare industry. In June, the attackers gained access to networks in a children’s hospital in the U.S.

Most hospitals have encountered some kind of cybersecurity threats, according to a Healthcare Information and Management Systems Society (HIMSS) survey in 2020.

The survey found 70% of cybersecurity professionals reported serious security incidents within the previous year. Of those incidents, 20% involved ransomware or malware.

Most of those surveyed (61%) indicated the cyberattack disrupted nonemergency clinical care, but more than a quarter (28%) reported a disruption of emergency services. About 1 in 5 (17%) of the respondents said some elective surgeries had to be canceled.