The U.S. Department for Health and Human Services (HHS) has issued a set of voluntary cybersecurity goals developed for the healthcare sector. The goals are part of a broader cybersecurity focus from the Biden Administration. According to a statement from HHS, cybersecurity lapses have led to “extended care disruptions, patient diversions to other facilities, and delayed medical procedures, all putting patient safety at risk.”
“Hospitals across the country have experienced cyberattacks, leading to cancelled medical treatments and stolen medical records,” Anne Neuberger, Deputy National Security Adviser for Cyber and Emerging Technologies said via a statement.
The goals were issued in the wake of a 93% increase in “large breaches” between 2018 and 2022, including a 278% increase in large breaches involving ransomware. The new goals include a mix of protection, response and mitigation strategies, and are divided into two categories: “Essential Goals” and “Enhanced Goals”.
Essential Goals help healthcare organizations address common vulnerabilities by setting a floor of safeguards that will better protect them from cyberattacks, improve response when events occur, and minimize residual risk. Several should be relatively inexpensive to implement, such as those calling for basic cybersecurity training, email-related and other identity theft prevention and credential revocation protocols.
