U.S. Department of Health & Human Services


Overview
About Us	Join and Connect	Stay Up-To-Date
Strategic Plan \| 2022-2026	ASPR Careers	Newsroom
Leadership Biographies	Boards and Committees	Blog
Organization Chart	Partnering with ASPR
Budget and Funding


Overview
Join. Train. Respond.	Response Resources	Law and Strategy
National Disaster Medical System	Cybersecurity	Public Health Emergency Declarations
Medical Reserve Corps	At-Risk Individuals	Section 1135 Waivers
ESAR-VHP	Disaster Behavioral Health	National Response Framework and Emergency Support Function 8
	Emergency Prescription Assistance Program	Legal Authorities, Policies, and Strategies
	National Emergency Telemedicine Network
	ASPR TRACIE


Overview
Health Care Readiness	Programs and Activities	Resources and Funding	Related Programs
Stories from the Field	Hospital Preparedness Program	Health Care Readiness Funding	Critical Infrastructure Protection
Health Care Readiness Near You	Regional Disaster Health Response System	COVID-19 Health Care Preparedness and Response	Health and Social Services Recovery
	National Special Pathogen System	Health Care Readiness Program Webinars
	Workforce Capacity and Capability	Performance Measures, Guidance, and Reports


Overview
Medical Countermeasures	Biodefense
Project NextGen	Industrial Base Expansion
BARDA	S3: Science, Safety, and Security
Doing Business with BARDA	Strategic Planning and Committees
Strategic National Stockpile	Legal Authorities, Policies, and Strategies


Overview
Partnership Opportunities	Professional Resources	Join Us
Medical Countermeasures TechWatch	ASPR TRACIE	National Disaster Medical System
EZ-BAA: BARDA DRIVe Easy Broad Agency Announcement	National Emerging Special Pathogens Training and Education Center	Medical Reserve Corps
BARDA Broad Agency Announcement	Critical Infrastructure Protection	ESAR-VHP
IBx Connect	Boards and Committees
Blue Knight	NACCD - Children and Disasters
CARB-X	NACIDD - Disabilities and Disasters
BARDA Ventures	NACSD - Seniors and Disasters
BARDA DRIVe Accelerator Network	NBSB – Biodefense
Project BioShield
Find Us On SAM
ASPR Grant Opportunities


Overview
Technical Assistance and Information Management	GIS-Based Tools
ASPR TRACIE	HHS emPOWER Program
Regional Emergency Coordinators	GeoHEALTH
ASPR Ready	COVID-19 Test to Treat Locator
Training	COVID-19 Therapeutics Locator
HHS emPOWER Program Web-Based Training	Threat-specific Tools
Strategic National Stockpile Course Listing	CHEMM: Chemical Hazards Emergency Medical Management
Addressing the Needs of Older Adults in Disasters Web Based Training	REMM: Radiation Emergency Medical Management
Access and Functional Needs Web-Based Training
Risk Assessment Tools
Risk Identification and Site Criticality (RISC 2.0)


ASPR COVID-19 Response
For Health Care Professionals
For Patients
Test to Treat

NAVIGATION

Blog Home

ASPR Blog

Implementing effective strategies and safeguards to address cybersecurity threats is a challenge for any industry, but the size and scope of attacks on health care information systems have grown rapidly in the past two years. Health care data can be used for to commit fraud or identity theft. It can also be used to disrupt of hospital systems. Connected medical devices with cybersecurity vulnerabilities left unaddressed could pose a risk to patient safety. Security of health care data and medical devices is essential to protecting patients and providing them with the highest level of care.

The Health Care Industry Cybersecurity Task Force is looking for your input to help improve cybersecurity across the industry. The Task Force is working to help identify risks, gaps, challenges, and best practices related to cybersecurity issues in the health care sector.

If you have an interest and expertise in health information technology, please help us better understand how you evaluate and mitigate risks related to cybersecurity in the health care sector and what gaps you think still remain.

Please take a few minutes to answer any or all of the following questions in comment to this blog. We are working to stimulate discussion and share the best ideas, so your responses may be made public. Please do not include any propriety, personal/private, sensitive, or confidential information.

What are the top cybersecurity risks and concerns unique to the health care sector?
What best practices are currently being employed by other sectors that might help us improve the security of the health care sector?
What are the biggest gaps and challenges for the development and deployment of medical devices and electronic health records?
How can the health care sector be better educated with regard to cybersecurity?
What challenges do health care sector organizations have to overcome in order to share cyber related incidents with a consortium?

Enhancing cybersecurity in the health care sector can help reduce risks for the industry and give patients peace of mind. The Task Force will use these inputs to augment its work and to support the broader goals of gathering information to disseminate to health care industry stakeholders; creating a single system for the Federal Government to share actionable cyber threat information; and developing the final report to Congress.

The Health Care Industry Cybersecurity Task Force was established by the U.S. Department of Health and Human Services in March 2016 per the Cybersecurity Information Sharing Act of 2015. The Secretary of Health & Human Services, in coordination with the Department of Homeland Security and the National Institutes of Standards and Technology, selected a broad array of expert representatives from the Federal Government, private sector health care organizations, other public and private sector experts on information technology and cybersecurity.

The Task Force holds monthly meetings to review its progress and identify concerns and practices both internal and external to the health care sector. The Task Force opens its meetings to the public on a quarterly basis. During the April and July meetings the Task Force received briefings from Federal leadership about the importance of cybersecurity for the health care sector, gained insight about the processes and best practices of other sectors, and reviewed the results of cybersecurity exercises and medical device workshops.

As Acting Assistant Secretary Mary K. Wakefield has indicated when she announced the formation of the Task Force, we need to protect the data that is at the foundation of our health care system. With your input, we hope to do that more effectively and find more efficient ways for the industry as a whole to protect health care information.