News Feature | October 10, 2016

HHS Funnels Funding Into Cybersecurity For Health Sector

Christine Kern

By Christine Kern, contributing writer

Procurement Cybersecurity

A total of $350,000 in awards will help strengthen cybersecurity response in healthcare.

Cyberthreats in healthcare are an escalating and troublesome threat. From data breaches at Anthem or Banner Health to ransomware attacks like at Hollywood Presbyterian, healthcare providers are being hit hard by cybercriminals determined to profit from the wealth of valuable protected personal information handled by them on a daily basis. In fact, as Health IT Outcomes reported, healthcare continues to be the top cyber attack target, with almost 90 percent of ransomware attacks during the second quarter of 2016 affecting healthcare entities.

A recent Ponemon Institute study found the incidence of healthcare-related cyberattacks grew 125 percent between 2010 and 2015. Last year, 91 percent of healthcare organizations and 59 percent of affiliated businesses suffered a data breach, at an average cost of $3.8 million per attack.

To help the healthcare industry address this increasing threat, the U.S. Department of Health and Human Services (HHS) has announced a total of $350,000 in awards designed to strengthen the cybersecurity response across healthcare. According to the press release, these agreements will serve to “foster the development of a more vibrant cyber information sharing ecosystem within the healthcare and public health sector.”

Among the award are a cooperative agreement made by HHS’ Office of the National Coordinator for Health Information Technology (ONC) to the National Health Information Sharing and Analysis Center (NH-ISAC) of Ormond Beach, FL to provide cybersecurity information and education on cyber threats to healthcare sector stakeholders; and a cooperative agreement by HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) to NH-ISAC to help build the infrastructure necessary to disseminate cyber threat information securely to healthcare partners.

“These agreements mark a critical first step toward addressing the growing threat cybersecurity poses to the health care and public health sector,” said Dr. Nicole Lurie, HHS’ assistant secretary for preparedness and response. “Creating a more robust exchange about cybersecurity threats will help the industry prevent, detect and respond to these threats and better protect patients’ privacy and personally identifiable information.”

“The security of electronic health information is foundational to our increasingly digitized health system,” said Dr. Vindell Washington, national coordinator for health information technology. “This funding will help healthcare organizations of all sizes more easily and effectively share information about cyber threats and responses in order to protect their data and the health of their patients.” 

With the cost of cyber breaches averaging $3.8 million per attack, the ability to protect against them is an essential element of doing business. The agreements will help to promote a streamlined cyber threat information sharing process that will help to inform other healthcare organizations about potential and real cyber threats and promote the ability to proactively respond. This will especially benefit smaller healthcare entities that may lack adequate resources to contract information sharing and analysis organizations that can provide this information.