Skip over global navigation links
U.S. Department of Health and Human Services

​ 

Staying protected while always connected

Author: Stephen Curren, Director, ASPR’s Office of Emergency Management, Division of Resilience
Published Date: 10/9/2015 3:52:00 PM
Category: Innovations; Public Health Preparedness;

The Internet touches almost all aspects of everyone’s daily life, whether we realize it or not. With a world that’s more connected than ever, cybersecurity matters whether you’re with a government agency or a private company.

Alarmingly, criminal cyberattacks against healthcare organizations are up 125 percent compared to five years ago, replacing lost laptops as the top cause of breaches, according to the Ponemon Institute’s Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data. The survey also showed that the average consolidated total cost of a data breach was $3.8 million, a 23 percent increase from 2013.

What can we do about it? Some very basic best practices can make a significant difference in protecting businesses and government agencies (and your home computer system). These basic best practices – like keeping software patches and antivirus definitions up-to-date, training users to spot e-mail phishing attempts, and making use of a variety of strong passwords for on-line accounts – can be done by the smallest organizations and even at home so you can stay protected and connected. For more tips, check out this helpful list from www.healthit.gov, as well as these cybersecurity games.

To combat cyberattacks at a healthcare system level, public and private organizations have to work together and share information about cyber threats and best practices in cybersecurity. In a study this year by the Healthcare Information Management Systems Society, a majority of respondents said that information sharing was beneficial to their organizations, and 60 percent cited peers as sources of cyber threat information.

To identify the cybersecurity information needs and gaps of hospitals and other healthcare organizations across the country, ASPR has engaged one of the most wired health care systems in the country, the Harris Health System in and around Houston, Texas.

Over the next year, Harris Health experts not only will identify needs and gaps but also will propose a strategy for enhancing the sharing of cybersecurity information among the federal government and private sector partners to better protect the critical cyber infrastructure of the nation’s health care system. This activity is aligned with HHS’s commitment to support, promote, and enhance the information sharing capability of the healthcare and public health sector, as called for in the Nationwide Interoperability Roadmap recently released by HHS’s Office of the National Coordinator for Health Information Technology.

HHS currently shares information on cyber security threats with state and local agencies and private industry through the Homeland Security Information Network. Health sector CIOs and CISOs with a need to know cybersecurity information, can contact cip@hhs.gov to learn more.

HHS has also formed a cybersecurity working group for companies and agencies in health care and public health. Chief Information Officers and Chief Information Security Officers in the healthcare and public health sector – government agencies, hospitals, healthcare organizations, nursing homes, dialysis providers, insurers, biopharmaceutical companies, medical device manufacturers, health IT developers, and more – are welcome to join the working group.

Participants will discuss how the sector can enhance cybersecurity information sharing, manage cyber risks, and apply the Cybersecurity Framework (the national standard for cybersecurity across all economic sectors) to the diverse organizations that make up the healthcare and public health sector . Encourage your CIO or CISO to contact cip@hhs.gov to learn more. ASPR and other HHS agencies are conducting internal planning, too, on how to respond best to cyber incidents and are developing resources to help private sector partners to protect their systems. Check out phe.gov/cip for the latest guidance, guides and checklists.

blank imageblank image


Comments:

Add Comments:

This is a moderated blog-we will review all comments before posting them. To learn more, please see ASPR Blog and Social Media Comments.

 
 

Please validate the following expression by entering the correct numeric value.
Question: What is six + six ?