The U.S. Department of Health and Human Services (HHS) has awarded “cooperative agreements” totaling $350,000 with the aim to strengthen the ability of healthcare and public health sector partners to respond to cybersecurity threats.
The agreements will look to foster the development of a more vibrant cyber information sharing ecosystem within healthcare and public health sector, HHS officials said in a press release.
More specifically, HHS’ Office of the National Coordinator for Health Information Technology (ONC) awarded a cooperative agreement to the National Health Information Sharing and Analysis Center (NH-ISAC) of Ormond Beach, Fla., to provide cybersecurity information and education on cyber threats to healthcare sector stakeholders. HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) awarded a cooperative agreement to NH-ISAC to help build the infrastructure necessary to disseminate cyber threat information securely to healthcare partners. ASPR’s role is to lead HHS in preparing the nation to respond to and recover from adverse health effects of emergencies, supporting communities’ ability to withstand adversity, strengthening health and response systems, and enhancing national health security.
Through a streamlined cyber threat information sharing process, the plan is for HHS to send cyber threat information to a single entity, which then will share that information widely to support the full range of stakeholders. This approach helps ensure that smaller healthcare providers have the information they need to take appropriate action, HHS stated.
The agreements also will aim to help build the capacity of NH-ISAC to receive cyber threat information from member healthcare entities. Information about any system breaches and ransomware attacks will be relayed through a more robust cyber information sharing environment, as will information about steps healthcare entities should take to protect their health information technology systems, the agency said.
HHS officials noted how security breaches and ransomware attacks on the public healthcare system have been on the rise in recent years, as has the average cost associated with these attacks. So far in 2016, third-party data breaches have impacted 4.5 million patients, according to a recent report from Protenus and DataBreaches.net. And, the Ponemon 2016 Cost of Data Breach study found that the average cost of a data breach for companies surveyed has grown to $4 million, representing a 29 percent increase since 2013.
“These agreements mark a critical first step toward addressing the growing threat cybersecurity poses to the healthcare and public health sector,” Nicole Lurie, HHS’ assistant secretary for preparedness and response, said in a prepared statement. “Creating a more robust exchange about cybersecurity threats will help the industry prevent, detect and respond to these threats and better protect patients’ privacy and personally identifiable information.”
“The security of electronic health information is foundational to our increasingly digitized health system,” added Vindell Washington, M.D., National Coordinator for Health IT. “This funding will help healthcare organizations of all sizes more easily and effectively share information about cyber threats and responses in order to protect their data and the health of their patients.”