An official website of the United States government
Welcome to
Health & Human Services

HPH Cybersecurity Gateway

Connecting the Healthcare and Public Health (HPH) Sector with specialized healthcare-specific cybersecurity information & resources from across the U.S. Department of Health and Human Services and other federal agencies.

The U.S. Department of Health and Human Services has a number of cybersecurity resources that can support your enterprise in its efforts to build a cyber resilient organization. These resources include best practice guidance, education, threat-specific intelligence, and more to ensure you are staying up to date on the most pertinent cybersecurity resources available to support the HPH sector. The graphic below lists the many programs that offer healthcare-focused cybersecurity resources and tools. Browse the graphic below to find the resources your organization needs, and remember: Cyber Safety is Patient Safety.

The HHS 405(d) Program

Aligning Health Care Industry Security Approaches

The HHS 405(d) Program is a collaborative effort between the Health Sector Coordinating Council and the federal government to align healthcare industry security approaches by providing useful HPH-focused resources to help educate, raise awareness, and drive behavioral change.

ASPR TRACIE

Healthcare Emergency Preparedness Information Gateway

The Technical Resources, Assistance Center, and Information Exchange (TRACIE) was created to meet the information and technical assistance needs of regional ASPR staff, healthcare coalitions, healthcare entities, healthcare providers, emergency managers, public health practitioners, and others working in disaster medicine, healthcare system preparedness, and public health emergency preparedness.

CISA

America’s Cyber Defense Agency

The Healthcare and Public Health Sector protects all sectors of the economy from hazards such as terrorism, infectious disease outbreaks, and natural disasters.

CISA

STOP RANSOMWARE

This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors.

U.S. Food & Drug Administration

The Food and Drug Administration (FDA) informs patients, healthcare providers and facility staff, and manufacturers about cybersecurity vulnerabilities for connected medical devices and requires that medical devices meet specific cybersecurity guidelines.

Office for Civil Rights

The Office for Civil Rights (OCR) administers and enforces the HIPAA Privacy, Security, and Breach Notification Rules through investigations, rulemaking, guidance, and outreach. The HIPAA Rules establish rights for individuals to their protected health information (PHI), requirements for HIPAA regulated entities on uses and disclosures of PHI, and privacy and security protections of PHI. OCR supports improved cybersecurity through cybersecurity investigations resolved with technical assistance, corrective action plans, or civil money penalties and by publishing cybersecurity resources for regulated entities and consumers through guidance, bulletins, newsletters, videos, and applications.

Office of the National Coordinator for Health IT

The Office of the National Coordinator for Health Information Technology (ONC), in the HHS Office of the Secretary, is a resource to the entire health system to support the adoption of health information technology and the promotion of nationwide, standards-based health information exchange to improve healthcare, including information privacy and security.

Administration for Strategic Preparedness and Response

The National Defense Authorization Act of 2021, Section 9002, identifies HHS as the lead agency for the Healthcare and Public Health (HPH) sector all-hazards risk management function, known as the Sector Risk Management Agency (SRMA). ASPR’s Office of Critical Infrastructure Protection, within the Office of Preparedness, leads HHS divisions in collaborative efforts with federal, state, local, tribal, and territorial partners and private sector owners/operators in executing the mandated responsibilities of the SRMA, including cybersecurity-related responsibilities, and provides specialized sector-specific guidance, expertise, and supporting programs.

Federal Bureau of Investigation

Cyber Division

The FBI’s cyber strategy is to impose risk and consequences on cyber adversaries. Our goal is to change the behavior of criminals and nation-states who believe they can compromise U.S. networks, steal financial and intellectual property, and put critical infrastructure at risk without facing risk themselves.

Health Sector Cybersecurity Coordination Center

The Health Sector Cybersecurity Coordination Center (HC3) enriches and analyzes cybersecurity threat information to develop objective mitigations for and in collaboration with the health and public health sector. HC3 achieves this through directed engagements, action-based alerts, and public threat briefings.

Centers for Medicare and Medicaid Services

The Centers for Medicare & Medicaid Services (CMS) protects and controls the confidentiality, integrity, and availability of CMS information and information systems. CMS also works to promote cybersecurity and safe care in response to cyber threats across its programs, including Medicare, Medicaid, the Children’s Health Insurance Program, and the Health Insurance Marketplaces.

Center for Disease Control

CDC is the nation’s leading science-based, data-driven, service organization that protects the public’s health.

Advanced Research Projects Agency for Health

The Advanced Research Projects Agency for Health (ARPA-H) launched the Digital Health Security (DIGIHEALS) project to ensure patients continue to receive care in the wake of a medical facility cyberattack.

Office of National Security

The Office of National Security (ONS) conducts all-source intelligence analysis to inform HHS policy and drive operational planning activities. ONS executes its mission, through departmental and Intelligence Community coordination, by providing timely and relevant threat intelligence to HHS senior leaders and staff involved in executing the HPH SRMA mission.