HHS Launches New Website to Align Healthcare Cybersecurity

HHS launched a website for the 405(d) Program, which is comprised of a task force focused on aligning healthcare cybersecurity approaches across the sector.

By Jill McKeon

HHS launched a new website for its 405(d) Program with the goal of aligning healthcare cybersecurity across the industry. Under the Cybersecurity Act of 2015, HHS established the 405(d) Aligning Health Care Industry Security Approaches Program and the 405(d) Task Group, which is composed of more than 150 industry and government experts.

The program aims to uphold the motto that “cyber safety is patient safety,” and its website contains resources, videos, products, and tools to help raise awareness and promote cybersecurity best practices, the HHS announcement stated.

“Healthcare professionals understand the importance of hand washing when it comes to mitigating the spread of diseases. Similarly, we know that cybersecurity practices reduce the risk of cyber-attacks and data breaches,” the website maintained.

“Just like washing your hands before caring for patients can reduce viruses, good cybersecurity practices can reduce cybersecurity threats and vulnerabilities.”

The site offers documents and videos outlining best practices, top threats facing the healthcare sector, stakeholder roles and responsibilities, and enterprise security risk management.

In addition, the site makes a case for why healthcare professionals should care about cybersecurity. The average cost of a data breach in 2020 was $7.13 million, and organizations that make no effort to protect patient data could be fined up to $1.5 million per year under HIPAA, the website warns.

“Effective cybersecurity is a shared responsibility. Everyone should be involved in maintaining a cyber-secure environment, especially doctors, nurses, administrators, and security information officers, in order to protect the patients’ medical and personal digital data,” the website stated.

“It is an ongoing battle, because hackers constantly find creative ways to defeat cyber threat defense initiatives. Healthcare organizations increasingly transmit data electronically, through mobile devices, cloud-based applications, medical devices, and technology infrastructures.”

Sharon Klein, attorney and chair of Blank Rome’s privacy, security, and data practice, is a member of the 405(d) Task Force. Klein previously told HealthITSecurity that financial strain caused by COVID-19, emerging technologies that come with security risks, and unauthorized disclosure incidents remain some of the top challenges for the healthcare sector.

“It takes money to do security well,” Klein noted. Investing in cybersecurity upfront can save organizations millions in the long run while protecting patient data and avoiding compliance issues.

The 405(d) Program website can help organizations improve their security posture by educating them on the risks of ransomware, phishing, and medical device security vulnerabilities.

“The new 405(d) Program website is a step forward for HHS to help build cybersecurity resiliency across the Healthcare and Public Health Sector. This is also an exciting moment for the HHS Office of the Chief Information Officer in our ongoing partnership with industry,” Christopher Bollerer, HHS acting chief information security officer, stated in the announcement.

The website will house all future 405(d) Program resources, newsletters, videos, and products.

“It’s a unique space where the healthcare industry can access vetted cybersecurity practices specific to the HPH sector on a federal government website,” Erik Decker, 405(d) Task Group industry co-lead, concluded.

“I think it’s a great resource for the HPH sector to turn to and will surely be a go-to site for organizations that want to better protect their patients and facilities from the latest cybersecurity threats.”