The HHS #Cyber Team
Cyber Safety is Patient Safety!
HHS works as a team to help the Healthcare and Public Health (HPH) sector prepare for and respond to cyber threats.
The National Defense Authorization Act of 2021, Section 9002, identifies HHS as the lead agency for the Healthcare and Public Health (HPH) sector all-hazards risk management function, known as the Sector Risk Management Agency (SRMA). ASPR’s Office of Critical Infrastructure Protection within the Office of Preparedness, leads HHS divisions in collaborative efforts with federal, state, local, tribal, and territorial partners, and private sector owners/operators in executing the mandated responsibilities of the SRMA, including cybersecurity-related responsibilities and provides specialized sector-specific guidance, expertise, and supporting programs.
The HHS SRMA Cybersecurity Working Group
The HHS SRMA Cybersecurity Working Group (CWG) is the primary mechanism used to coordinate HHS’s execution of its statutory responsibility as the HPH SRMA. The CWG is the body that coordinates and collaborates across the HHS cyber community to identify cyber threats to the HPH sector, coordinates across HHS divisions to prepare for and mitigate potential or identified cyber incidents, shares information, and coordinates policy recommendations and messaging to strengthen and build resiliency within the HPH sector against cyber threats.
The following diagram explains the role that each partner plays on the HHS #Cyber Team. Select each partner to learn more about the partner’s role in helping the HPH Sector prepare for and respond to cyber threats.
The Administration for Strategic Preparedness and Response’s (ASPR) Office of Critical Infrastructure Protection (CIP) acts as the Sector Risk Management Agency (SRMA) on behalf of HHS for the Health Care and Public Health (HPH) sector, promotes resilience in the sector to manage risk, and coordinates an effective overall federal response to health security threats, to include cyber threats.
The Joint Cybersecurity Working Group
The Joint Cybersecurity Working Group is a public-private partnership with the private Health Sector Coordinating Council that provides a forum to discuss cybersecurity issues, and focuses on improving the security and resilience of HPH Sector information systems. The Working Group has multiple task groups supporting areas such as incident response and business continuity, legacy cybersecurity, vulnerability communications, supply chain cybersecurity, and incident response-business continuity.
Cyber Resources from ASPR