CISA, HHS Collaborate on Healthcare Cybersecurity Toolkit

October 26, 2023 - HHS and the Cybersecurity and Infrastructure Security Agency (CISA) teamed up to release a healthcare cybersecurity toolkit consisting of key resources for managing and mitigating cyber risk in the healthcare and public health sector. The toolkit signifies a growing partnership between the two agencies, both of which play crucial roles in providing security guidance to the healthcare sector.

CISA and HHS unveiled the toolkit ahead of a roundtable discussion between the two agencies, held on October 25, where representatives discussed how government and industry can work together to close cyber gaps.

“We have seen a significant rise in the number and severity of cyber attacks against hospitals and health systems in the last few years,” Andrea Palm HHS deputy secretary, said in the press release announcing the toolkit.

“These attacks expose vulnerabilities in our healthcare system, degrade patient trust, and ultimately endanger patient safety. The more they happen, and the longer they last, the more expensive and dangerous they become.”

As a result, HHS and CISA joined forces to raise awareness of the resources available to the sector to help uplift its security posture.

“HHS is working closely with CISA and our industry partners to deliver the tools, resources, and guidance needed to help healthcare organizations, especially our under-resourced hospitals and health centers, mount a strong cyber defense and protect patient lives,” Palm continued.

The toolkit, which can be found on CISA’s website, consolidates industry and government resources such as CISA’s cyber hygiene services, HHS’s Health Industry Cybersecurity Practices (HICP), and HHS and the Health Sector Coordinating Council’s (HSCC) HPH Sector Cybersecurity Framework Implementation Guide.

The toolkit aims to help healthcare organizations with everything from basic cyber hygiene to implementing complex tools.

“We continue to work diligently with our partners at HHS and in the healthcare sector to secure our health organizations not only in the United States, but across the globe through our collaboration tools,” said CISA Deputy Director Nitin Natarajan.

Experts have long advocated for more collaboration between HHS, the federal government’s healthcare arm, and CISA, the government’s infrastructure security leader.  What’s more, the White House has made it clear that stronger healthcare cybersecurity standards and guidance are on the horizon in coming years.

This toolkit and roundtable discussion further cemented the cross-agency collaboration and could signal that additional guidance from this partnership will emerge.