Clicky

mobile btn
Friday, November 22nd, 2024

HHS releases voluntary healthcare performance goals for cybersecurity improvements

© Shutterstock

Eying ways to improve cybersecurity among healthcare operations nationwide, the U.S. Health and Human Services’ (HHS) Administration for Strategic Preparedness and Response (ASPR) released new voluntary performance goals and a new gateway website this week.

“We have a responsibility to help our health care system weather cyber threats, adapt to the evolving threat landscape, and build a more resilient sector,” HHS Deputy Secretary Andrea Palm said. “The release of these cybersecurity performance goals is a step forward for the sector as we look to propose new enforceable cybersecurity standards across HHS policies and programs that are informed by these CPGs.”

These goals were healthcare-specific cybersecurity performance goals (CPGs). The new website will help Health Care and Public Health (HPH) sector organizations deploy high-impact cybersecurity practices and increase access to the various cybersecurity resources offered by HHS and its federal partners. HHS is prioritizing the implementation of high-impact cybersecurity practices to better protect the sector from cyberattacks, improve its responses to attacks, and minimize residual risk.

The CPGs will offer layered protection at various points of weakness throughout different organizations’ technology environments. They include both goals for minimum foundational practices and improved goals to encourage organizations to adopt more advanced practices.

“ASPR is leading this sector-wide effort to protect our nation’s health infrastructure against ever-increasing and complex cyber-attacks,” Assistant Secretary for Preparedness and Response Dawn O’Connell said. “The actions announced today make it easier for health care organizations to protect patients by prioritizing those key cybersecurity practices upon which they should focus their efforts.”

Layered protection is the ultimate goal with this release, to offer redundancies against any one compromised defense, and to offer backups against threats’ penetration capabilities.