HHS Cybersecurity Task Force releases new resources to help address rising threat of cyberattacks in health and public health sector

Sample article from our Health Care Sector

April 17, 2023 (press release) –

Effort is led by the HHS 405(d) Program and the Health Sector Coordinating Council Cybersecurity Working Group (HSCC CWG), as a collaborative effort between the federal government and industry, to address cybersecurity in the health sector

Resources include a new platform, Knowledge on Demand, to provide free cybersecurity training to the health sector workforce as well as an updated Health Industry Cybersecurity Practices 2023 Edition and a Hospital Cyber Resiliency Initiative Landscape Analysis

On April 17, 2023, The U.S. Department of Health and Human Services (HHS) 405(d) Program announced the release of the following resources to help address cybersecurity concerns in the Healthcare and Public Health (HPH) Sector:

  • Knowledge on Demand – a new online educational platform that offers free cybersecurity trainings for health and public health organizations to improve cybersecurity awareness.
  • Health Industry Cybersecurity Practices (HICP) 2023 Edition a foundational publication that aims to raise awareness of cybersecurity risks, provide best practices, and help the HPH Sector set standards in mitigating the most pertinent cybersecurity threats to the sector.
  • Hospital Cyber Resiliency Initiative Landscape Analysis - PDF – a report on domestic hospitals’ current state of cybersecurity preparedness, including a review of participating hospitals benchmarked against standard cybersecurity guidelines such as HICP 2023 and the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF).

These efforts are a key part of the Administration’s work to secure all of our Nation’s critical infrastructure from cyber threats.

Knowledge on Demand

The Knowledge on Demand platform marks the first time HHS has offered free cybersecurity trainings to the health sector workforce and reflects the Department’s continued commitment to supporting the HPH Sector’s defense against cyberattacks.

This new Knowledge on Demand platform offers awareness trainings on these five cybersecurity topics: social engineering, ransomware, loss or theft of equipment or data, insider accidental or malicious data loss, and attacks against network connected medical devices.

“Cyberattacks are one of the biggest threats facing our health care system today, and the best defense is prevention,” said Deputy Secretary Andrea Palm. “These trainings will serve as an asset to any sized organization looking to train staff in basic cybersecurity awareness and are offered free of charge, ensuring that those hospitals and health care organizations most vulnerable to attack can take steps toward resilience. This is part of HHS’s continued commitment to working with hospitals, Congress, and industry leaders in protecting America’s patients.”

All available trainings including videos, job aids and PowerPoints, can be accessed and launched directly from the 405(d) website. The platform is also home to the newly updated Health Industry Cybersecurity Practices (HICP) 2023 Edition Publication.

Health Industry Cybersecurity Practices 2023 Edition

The HHS 405(d) Program was developed in response to the Cybersecurity Act of 2015. Under Section 405(d), HHS convened the 405(d) Task Group to enhance cybersecurity and align industry approaches by developing a common set of voluntary, consensus-based, and industry-led cybersecurity guidelines, practices, methodologies, procedures, and processes that health care organizations can use. These are available in the program’s cornerstone publication HICP, which was published in 2018.

HICP 2023 has been updated by over 150 industry and federal professionals to include the most relevant and cost-effective ways to keep patients safe and mitigate the current cybersecurity threats that the HPH sector faces. This new edition of HICP includes a discussion of the dangerous threat of social engineering attacks as one of the top five threats facing the sector. These attacks are an attempt to trick someone into revealing information (e.g., a password) that can be used to attack systems or networks or taking an action (e.g., clicking a link, opening a document).

“Staying current and responsive to evolving cyber threats is critical to protecting patient safety. HICP 2023 is the updated version that our industry needs to make sure they are applying scarce resources to the highest threat. This will give the most underserved hospitals the best return on investment for cyber investment,” saidErik Decker, Vice President and Chief Information Security Officer of Intermountain Health and Chair of the Health Sector Coordinating Council Cybersecurity Working Group, Salt Lake City, UT.

Hospital Cyber Resiliency Landscape Analysis

The Hospital Cyber Resiliency Initiative Landscape Analysis leverages HICP 2023 to provide an overview of how U.S. hospitals are or are not protected against common cybersecurity threats. The report analyzes data from hundreds of hospitals, representing a diverse mix of hospital types and geographies, to identify both best practices and opportunities for improvement in hospital cyber resiliency.

“The Hospital Cyber Resiliency Initiative Landscape Analysis greatly furthers our understanding of hospital cyber resiliency and provides us with a platform to begin working through potential policy considerations and minimum standards to better support cybersecurity in U.S. hospitals. We look forward to working with hospitals, Congress, and the information security community as we look to improve cyber resiliency and protect patient safety and wellbeing.” said Deputy Secretary Andrea Palm.

HHS encourages all HPH Sector leaders to access these new resources to begin assessing their organizations’ cybersecurity programs. Cybersecurity requires us to be flexible and preemptive and HHS looks forward to helping the HPH sector uphold patient safety. To access these resources please visit the HHS 405(d) Website at 405d.hhs.gov.

* All content is copyrighted by Industry Intelligence, or the original respective author or source. You may not recirculate, redistrubte or publish the analysis and presentation included in the service without Industry Intelligence's prior written consent. Please review our terms of use.

See our dashboard in action - schedule an demo
Dan Rivard
Dan Rivard
- VP Market Development -

We offer built-to-order health care sector coverage for our clients. Contact us for a free consultation.

About Us

We deliver market news & information relevant to your business.

We monitor all your market drivers.

We aggregate, curate, filter and map your specific needs.

We deliver the right information to the right person at the right time.

Our Contacts

1990 S Bundy Dr. Suite #380,
Los Angeles, CA 90025

+1 (310) 553 0008

About Cookies On This Site

We collect data, including through use of cookies and similar technology ("cookies") that enchance the online experience. By clicking "I agree", you agree to our cookies, agree to bound by our Terms of Use, and acknowledge our Privacy Policy. For more information on our data practices and how to exercise your privacy rights, please see our Privacy Policy.