HHS Funding to Combat Rising Healthcare Cybersecurity Issues

The Department of Health and Human Services recently announced new funding opportunities that will work to strengthen current healthcare cybersecurity measures.
In an effort to better meet the current healthcare cybersecurity threats, the Department of Health and Human Services’ (HHS) Office of the National Coordinator for Health Information Technology (ONC) and the Assistant Secretary for Preparedness and Response (ASPR) released two funding opportunities for an Information Sharing and Analysis Organization (ISAO) in the healthcare industry.

In the first year, the combined funding opportunities will be worth $250,000, according to an HHS statement, and could be renewed for up to five years.

The funding opportunities are also asking an existing ISAO or Information Sharing and Analysis Center (ISAC) to provide cybersecurity information and education on the current cyber threats affecting the healthcare industry. Furthermore, the ISAO or ISAC should facilitate information sharing widely within the industry for organizations of all sizes.

HHS added that it will also be important for the ISAO or ISAC to ensure that data about healthcare cybersecurity awareness is available to all entities in the healthcare or public health sector by expanding outreach and educational opportunities. The ISAO or ISAC also needs to equip industry stakeholders so they can properly respond to any received cyber threat information.

“Establishing robust threat information sharing infrastructure and capability within the Healthcare and Public Health Sector is crucial to the privacy and security of health information, which is foundational to the digital health system,” National Coordinator for Health IT Karen DeSalvo, M.D., M.P.H., M.Sc., explained in a statement. “This coordinated resource will focus on sharing the most up-to-date threat information across the health and public health sectors and will better equip health systems to identify potential threats and further protect electronic health information.”

This is an important move for the healthcare industry, HHS said, especially with the Cybersecurity Information Sharing Act (CISA) recently being signed. CISA directs the Department of Homeland Security and other agencies to work on developing the necessary tools to properly combat the evolving cybersecurity threats.

Information sharing and collaboration on the latest cybersecurity issues will be essential for industries, healthcare included, to strengthen their defense measures.

DeSalvo and Assistant Secretary for Preparedness and Response (ASPR) Nicole Lurie, M.D., M.S.P.H, wrote in a blog post that this is just the latest step in fighting against healthcare cybersecurity threats, but is an important one.

“In short, the ISAO will create a more robust cyber information sharing environment, especially for smaller entities that may not have the resources to access such information on their own, by leveraging existing relationships,” the duo explained. “Through the resulting streamlined cyber threat information sharing process, HHS will be able to send cyber threat information to a single entity, which will be able to share that information widely to support stakeholders.”

Coordinating with with ASPR on key healthcare cybersecurity issues was also discussed in the latest ONC Interoperability Roadmap, DeSalvo and Lurie said. ONC has been working with numerous agencies, including ASPR, the Office of the Assistant Secretary for Administration (ASA), the Office of the Chief Information Officer’s (OCIO) Office of Information Security (OIS), and the Office of Security and Strategic Information’s (OSSI) Cyber Threat Intelligence Program (CTIP), on this topic for the past three years.

“To better prevent attacks on health information technology, organizations need better visibility into what to expect and how to respond,” they wrote. “Timely information on the nature of attacks is critical to that ability.”


Leave a Reply