Healthcare and Public Health Cybersecurity
ASPR Serves as the Sector Risk Management Agency for the Health Care and
Public Health Sector to Protect Patient Health and Safety
Health Care Sector Cybersecurity: Introduction to the Strategy of the U.S. Department of Health and Human Services
A new concept paper from HHS provides an overview of recommended solutions to help the health care and public health sector address cybersecurity threats, protect patients, and secure vital business data.
Read the Full Paper
The Healthcare and Public Health (HPH) sector continues to experience increasingly sophisticated cyberattacks that exploit complex, interconnected IT systems at hospitals and health care facilities. Nationwide, health care and public health IT infrastructures suffer from many common vulnerabilities: underfunded cybersecurity programs, vulnerable legacy systems, a growing need for skilled cybersecurity professionals, and network-connected medical technologies, including medical devices.
These cyberattacks against the HPH sector are growing both in numbers and severity, with the frequency of cyberattacks on hospitals and health systems more than doubling from 2016 to 2021. The HPH sector experienced a 42 percent increase in ransomware attacks in 2022 compared to 2021. The cost of an average health care data breach has reached $10.93 million, according to a report from IBM Security. That’s an 8% jump from a year ago, when the average cost topped $10 million for the first time. In health care, cyber risks are patient risks – unlike other more typical industries impacted by cybersecurity threats (e.g., energy, finance), disruptions in health care could cost lives.
ASPR has worked with our partners in HHS, across the federal government, and with industry to develop resources to help hospitals and health care facilities protect themselves and their patient’s from cyber attacks.
ASPR leads the HHS divisions and works with our public and private partners to provide guidance and support to help enhance cybersecurity for the health care and public health sectors.
Learn more about ASPR's role in cybersecurity
Learn to Improve Cybersecurity and Cyber Defense