U.S. Department of Health & Human Services


Overview
About Us	Join and Connect	Stay Up-To-Date
Strategic Plan \| 2022-2026	ASPR Careers	Newsroom
Leadership Biographies	Boards and Committees	Blog
Organization Chart	Partnering with ASPR
Budget and Funding


Overview
Join. Train. Respond.	Response Resources	Law and Strategy
National Disaster Medical System	Cybersecurity	Public Health Emergency Declarations
Medical Reserve Corps	At-Risk Individuals	Section 1135 Waivers
ESAR-VHP	Disaster Behavioral Health	National Response Framework and Emergency Support Function 8
	Emergency Prescription Assistance Program	Legal Authorities, Policies, and Strategies
	National Emergency Telemedicine Network
	ASPR TRACIE


Overview
Health Care Readiness	Programs and Activities	Resources and Funding	Related Programs
Stories from the Field	Hospital Preparedness Program	Health Care Readiness Funding	Critical Infrastructure Protection
Health Care Readiness Near You	Regional Disaster Health Response System	COVID-19 Health Care Preparedness and Response	Health and Social Services Recovery
	National Special Pathogen System	Health Care Readiness Program Webinars
	Workforce Capacity and Capability	Performance Measures, Guidance, and Reports


Overview
Medical Countermeasures	Biodefense
Project NextGen	Industrial Base Expansion
BARDA	S3: Science, Safety, and Security
Doing Business with BARDA	Strategic Planning and Committees
Strategic National Stockpile	Legal Authorities, Policies, and Strategies


Overview
Partnership Opportunities	Professional Resources	Join Us
Medical Countermeasures TechWatch	ASPR TRACIE	National Disaster Medical System
EZ-BAA: BARDA DRIVe Easy Broad Agency Announcement	National Emerging Special Pathogens Training and Education Center	Medical Reserve Corps
BARDA Broad Agency Announcement	Critical Infrastructure Protection	ESAR-VHP
IBx Connect	Boards and Committees
Blue Knight	NACCD - Children and Disasters
CARB-X	NACIDD - Disabilities and Disasters
BARDA Ventures	NACSD - Seniors and Disasters
BARDA DRIVe Accelerator Network	NBSB – Biodefense
Project BioShield
Find Us On SAM
ASPR Grant Opportunities


Overview
Technical Assistance and Information Management	GIS-Based Tools
ASPR TRACIE	HHS emPOWER Program
Regional Emergency Coordinators	GeoHEALTH
ASPR Ready	COVID-19 Test to Treat Locator
Training	COVID-19 Therapeutics Locator
HHS emPOWER Program Web-Based Training	Threat-specific Tools
Strategic National Stockpile Course Listing	CHEMM: Chemical Hazards Emergency Medical Management
Addressing the Needs of Older Adults in Disasters Web Based Training	REMM: Radiation Emergency Medical Management
Access and Functional Needs Web-Based Training
Risk Assessment Tools
Risk Identification and Site Criticality (RISC 2.0)


ASPR COVID-19 Response
For Health Care Professionals
For Patients
Test to Treat

NAVIGATION

Blog Home

ASPR Blog

The Internet touches almost all aspects of everyone’s daily life, whether we realize it or not. With a world that’s more connected than ever, cybersecurity matters whether you’re with a government agency or a private company.

Alarmingly, criminal cyberattacks against healthcare organizations are up 125 percent compared to five years ago, replacing lost laptops as the top cause of breaches, according to the Ponemon Institute’s Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data. The survey also showed that the average consolidated total cost of a data breach was $3.8 million, a 23 percent increase from 2013.

What can we do about it? Some very basic best practices can make a significant difference in protecting businesses and government agencies (and your home computer system). These basic best practices – like keeping software patches and antivirus definitions up-to-date, training users to spot e-mail phishing attempts, and making use of a variety of strong passwords for on-line accounts – can be done by the smallest organizations and even at home so you can stay protected and connected. For more tips, check out this helpful list from www.healthit.gov, as well as these cybersecurity games.

To combat cyberattacks at a healthcare system level, public and private organizations have to work together and share information about cyber threats and best practices in cybersecurity. In a study this year by the Healthcare Information Management Systems Society, a majority of respondents said that information sharing was beneficial to their organizations, and 60 percent cited peers as sources of cyber threat information.

To identify the cybersecurity information needs and gaps of hospitals and other healthcare organizations across the country, ASPR has engaged one of the most wired health care systems in the country, the Harris Health System in and around Houston, Texas.

Over the next year, Harris Health experts not only will identify needs and gaps but also will propose a strategy for enhancing the sharing of cybersecurity information among the federal government and private sector partners to better protect the critical cyber infrastructure of the nation’s health care system. This activity is aligned with HHS’s commitment to support, promote, and enhance the information sharing capability of the healthcare and public health sector, as called for in the Nationwide Interoperability Roadmap recently released by HHS’s Office of the National Coordinator for Health Information Technology.

HHS currently shares information on cyber security threats with state and local agencies and private industry through the Homeland Security Information Network. Health sector CIOs and CISOs with a need to know cybersecurity information, can contact cip@hhs.gov to learn more.

HHS has also formed a cybersecurity working group for companies and agencies in health care and public health. Chief Information Officers and Chief Information Security Officers in the healthcare and public health sector – government agencies, hospitals, healthcare organizations, nursing homes, dialysis providers, insurers, biopharmaceutical companies, medical device manufacturers, health IT developers, and more – are welcome to join the working group.

Participants will discuss how the sector can enhance cybersecurity information sharing, manage cyber risks, and apply the Cybersecurity Framework (the national standard for cybersecurity across all economic sectors) to the diverse organizations that make up the healthcare and public health sector . Encourage your CIO or CISO to contact cip@hhs.gov to learn more. ASPR and other HHS agencies are conducting internal planning, too, on how to respond best to cyber incidents and are developing resources to help private sector partners to protect their systems. Check out phe.gov/cip for the latest guidance, guides and checklists.