Recently published federal healthcare and public health sector-specific voluntary cybersecurity performance goals

Listen to article
10 minute read

On December 6, 2023, the U.S. Department of Health and Human Services (HHS) released a Healthcare Sector Cybersecurity strategy paper.[1] This paper outlines HHS’s goal to establish voluntary cybersecurity performance goals (CPGs) in alignment with the healthcare industry input, to enhance cybersecurity within the healthcare and public health (HPH) sectors. Since 2003, the federal government's Cybersecurity and Infrastructure Security Agency (CISA) Healthcare and Public Health Sector has been recognized by the federal government as one of 16 critical infrastructure sectors identified as being so vital to the U.S. that their incapacitation or destruction would have a debilitating effect on national security and public health or safety. This paper was largely in response to the White House’s March 2023 publication of its National Cybersecurity Strategy which outlined the administration’s priorities regarding cyber resiliency in the U.S. by stating “Cybersecurity is essential to the basic functioning of our economy, the operation of our critical infrastructure, the strength of our democracy and democratic institutions, the privacy of our data and communications, and our national defense.”[2]

The paper also built upon a July 2021 White House “National Security Memorandum Improving Cybersecurity for Critical Infrastructure Control Systems.”[3] This memorandum outlined a series of actions that needed to be taken by the federal government to develop general (e.g., non-sector-specific) CPGs that would be consistent across all critical infrastructure sectors. CISA, in coordination with the National Institute of Standards and Technology (NIST), was tasked with developing these non-sector-specific CPGs. NIST is a nonregulatory federal agency within the U.S. Department of Commerce whose mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

On January 24—49 days after issuance of the strategy paper—HHS published the HPH CPGs along with a new “gateway website” designed to assist healthcare organizations in prioritizing implementation of the CPGs and easily access pertinent resources that could be used by organizations when implementing both the essential and enhanced CPGs.[4]

This document is only available to members. Please log in or become a member.

Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field