
HHS Funds “Cooperative Agreements” for Cybersecurity Support

October 4, 2016
by Rajiv Leventhal

The U.S. Department of Health and Human Services (HHS) has awarded “cooperative agreements” totaling $350,000, aimed at strengthening the ability of healthcare and public health sector partners to respond to cybersecurity threats.

The agreements will look to foster the development of a more vibrant cyber information sharing ecosystem within the healthcare and public health sector, HHS officials said in a press release.

More specifically, HHS’ Office of the National Coordinator for Health Information Technology (ONC) awarded a cooperative agreement to the National Health Information Sharing and Analysis Center (NH-ISAC) of Ormond Beach, Fla., to provide cybersecurity information and education on cyber threats to healthcare sector stakeholders. HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) awarded a cooperative agreement to NH-ISAC to help build the infrastructure necessary to disseminate cyber threat information securely to healthcare partners. ASPR’s role is to lead HHS in preparing the nation to respond to and recover from adverse health effects of emergencies, supporting communities’ ability to withstand adversity, strengthening health and response systems, and enhancing national health security. 

Through a streamlined cyber threat information sharing process, the plan is for HHS to send cyber threat information to a single entity, which then will share that information widely to support the full range of stakeholders. This approach helps ensure that smaller healthcare providers have the information they need to take appropriate action, HHS stated.

The agreements also will aim to help build the capacity of NH-ISAC to receive cyber threat information from member healthcare entities. Information about any system breaches and ransomware attacks will be relayed through a more robust cyber information sharing environment, as will information about steps healthcare entities should take to protect their health information technology systems, the agency said.

HHS officials noted how security breaches and ransomware attacks on the public healthcare system have been on the rise in recent years, as has the average cost associated with these attacks. So far in 2016, third-party data breaches have impacted 4.5 million patients, according to a recent report from Protenus and And, the Ponemon 2016 Cost of Data Breach study found that the average cost of a data breach for companies surveyed has grown to $4 million, representing a 29 percent increase since 2013.

“These agreements mark a critical first step toward addressing the growing threat cybersecurity poses to the healthcare and public health sector,” Nicole Lurie, HHS’ assistant secretary for preparedness and response, said in a prepared statement. “Creating a more robust exchange about cybersecurity threats will help the industry prevent, detect and respond to these threats and better protect patients’ privacy and personally identifiable information.”

“The security of electronic health information is foundational to our increasingly digitized health system,” added Vindell Washington, M.D., National Coordinator for Health IT. “This funding will help healthcare organizations of all sizes more easily and effectively share information about cyber threats and responses in order to protect their data and the health of their patients.”


