What to Know: A New Federal Cybersecurity Initiative

September 08, 2023

The federal government has launched a new department to address the growing cybersecurity threats against the U.S. health care system.

Last month, the U.S. Department of Health and Human Services announced the creation of the Digital Health Security (DIGIHEALS) project to protect the U.S. health care system’s electronic infrastructure.

“The DIGIHEALS project comes when the U.S. (health care) system urgently requires rigorous cybersecurity capabilities to protect patient privacy, safety, and lives,” said Dr. Renee Wegrzyn, director of the Advanced Research Projects Agency for Health (ARPA-H). “Currently, off-the-shelf software tools fall short in detecting emerging cyberthreats and protecting our medical facilities, resulting in a technical gap we seek to bridge with this initiative.”

Here’s what you need to know:

• Overall goal:  The new project aims to ensure patients receive care in the wake of a widespread cybersecurity attack on a medical facility. It also seeks to reduce the ability for bad actors to attack digital health software and enable the prevention of large-scale cyberattacks.
• Tactics:  The new project focuses on bedrock cybersecurity principles, such as security protocols, vulnerability detection, and automatic patching. There are other initiatives related to software-related weaknesses that affect patient safety and experience.
• Common concern:  Hacking is the most common in breach reports. During July, there were 49 incidents involving hacking reported to the federal Office of Civil Rights. These involved 18,083,328 health records, according to the HIPAA Journal.
• Quotable:  “By adapting and extending security, usability, and software assurance technologies, this digital health security effort will play a crucial role in addressing vulnerabilities in health systems,” said ARPA-H Program Manager Andrew Carney.

Additional information is available online.

For more information about health care cybersecurity, contact Jason Tomashunas, MS, CHEP, HAP manager, emergency management. John Riggi, the American Hospital Association’s senior advisor for cybersecurity and risk, also offers coverage and resources about health care cybersecurity.