Public Health Emergency - Leading a Nation Prepared
Following the dramatic escalation in cyber attacks against the health care industry, Congress called for the establishment of the Health Care Industry Cybersecurity Task Force under Section 405(c) of the Cybersecurity Information Sharing Act of 2015. The Department of Health and Human Services (HHS) convened the Task Force in March 2016, drawing members with a wide range of professional backgrounds and subject matter expertise from across the breadth of the health care industry. Over the course of the next year, the members discussed cybersecurity concerns for the health care industry and potential ways to better protect health care systems, providers, and patients.
On June 2, 2017, the Task Force released the Report on Improving Cybersecurity in the Health Care Industry (the Report) to illustrate the urgency and complexity of cybersecurity risks facing the health care industry.
Since the publication of the report, HHS has been working across all of its agencies and offices to study the report’s recommendations and begin to implement changes. For some recommendations, HHS was able to take immediate action. Other recommendations require a longer term approach to align recommendations with existing policies, authorities, and resources. HHS is working closely with partners throughout the private sector and the Federal Government to maintain focus on the recommendations with the goal of making continual progress. Below is a sample of the work we have been doing in the year since the Task Force report. It is arranged by the six “Imperatives” that were identified by the Task Force.
The Task Force focused on the need for strong cybersecurity leadership in corporate governance structures, industry organizations, and government at all levels. HHS is addressing these recommendations by strengthening our internal cybersecurity structures.
The Task Force developed several recommendations addressing the unique cybersecurity challenges of medical devices and electronic health records. HHS is identifying regulatory and non-regulatory means to address these challenges.
These recommendations address current cybersecurity workforce challenges across health care. HHS is taking innovative steps to develop its own cybersecurity workforce, while looking for opportunities to leverage its successes for the benefit of the greater health care industry.
These recommendations focus on raising cybersecurity awareness among health care organization leaders, employees, and customers. HHS has made cybersecurity outreach a priority.
This section focuses on the significant problem of health care intellectual property theft related to areas such as clinical trials, drug and device development, big data applications, and general health care business operations. HHS is working to expand outreach and collaboration with owners and users of health care intellectual property.
These recommendations focus on the sharing of cyber threat information between government and industry. HHS has increased our capability to analyze and share cyber threat information related to health care.
In addition to the progress made within HHS, the Department’s partners on the industry-led Sector Coordinating Council have made significant steps toward improving the industry’s cybersecurity posture. They have identified cybersecurity leadership, developed a recruitment plan for additional members, and established several task groups to address Task Force recommendations. HHS encourages our partners to connect with the SCC in their efforts. For more information, please contact firstname.lastname@example.org.
Home | Contact Us | Accessibility | Privacy Policies | Disclaimer | HHS Viewers & Players | HHS Plain Language | Vulnerability Disclosure Policy
Assistant Secretary for Preparedness and Response (ASPR), 200 Independence Ave., SW, Washington, DC 20201
U.S. Department of Health and Human Services | USA.gov |
HealthCare.gov in Other Languages