HHS Launches Health Care Cybersecurity Training, Hospital Risk Analysis

April 17, 2023

The federal government today announced free training for health care workers to address the rise of health care cyberattacks, as well as a review of the ways hospitals can stay protected.

The resources are part of the federal government’s 405(d) initiative that provides the health care and public health sector with the tools to defend against emerging cyber threats. As health care becomes more digitally oriented via telehealth, hospital-at-home, and electronic medical records, the pathways for potential cybercrimes only grow, federal leaders said today.

“Cyberattacks are one of the biggest threats facing our health care system today, and the best defense is prevention,” said U.S. Department of Health and Human Services (HHS) Deputy Secretary Andrea Palm.

Here’s what you need to know:

• A new educational toolkit:  The federal government’s free Knowledge on Demand educational platform for health care workers focuses on five cybersecurity topics: social engineering, ransomware, loss or theft of equipment or data, insider accidental or malicious data loss, and attacks against network connected medical devices.
• Taking action:  A new federal report outlines how health care organizations can implement basic best cybersecurity practices and establish zero-trust strategies.
• Hospital cyber resilience:  Another new report—Hospital Cyber Resiliency Initiative Landscape Analysis—analyzes data from hundreds of hospitals and outlines how hospital resiliency initiatives compare against industry standards.
• Bottom line:  Hospitals need dedicated cybersecurity policies and procedures to defend against cyberattacks, particularly with the rise in ransomware attacks that seek to disrupt clinical operations.
• Quotable:  “Staying current and responsive to evolving cyber threats is critical to protecting patient safety,” said Erik Decker, vice president and chief information security officer, Intermountain Health, and chair, Health Sector Coordinating Council Cybersecurity Working Group.

Additional information about the new federal resources and reports is available online.

HAP continues to monitor the latest cybersecurity developments and provide updates to members. For more information about health care cybersecurity, contact Jason Tomashunas, MS, CHEP, HAP manager, emergency management.

Additionally, John Riggi, the American Hospital Association's (AHA) senior advisor for cybersecurity and risk, is able to assist AHA members with expertise and resources about health care cybersecurity.