Skip to main content

An official website of the United States government

U.S. Department of Health & Human Services

Official websites use .gov

A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


FOR IMMEDIATE RELEASE

Thursday, March 5, 2026 

Contact ASPR Press Office
ASPRMedia@hhs.gov
aspr.hhs.gov/newsroom
X: @ASPRgov


New RISC 2.0 Cyber Module Will Help Strengthen Health Care Facilities’ Cybersecurity​




Washington, D.C. (Feb. 23, 2026) -- Today, the Administration for Strategic Preparedness and Response (ASPR), a division of the U.S. Department of Health and Human Services, is introducing a new cybersecurity module within the Risk Identification and Site Criticality (RISC) 2.0 Toolkit.

“Cyber threats are growing more sophisticated. This module is the latest addition to our toolkit of resources to assist our health care and public health partners in preventing the disruption of patient care and strengthening national health security, ” says ASPR Principal Deputy Assistant Secretary John Knox. “We must acknowledge that cyber safety is patient safety and that cyber threats can cause cascading problems across the health care industry. The new cybersecurity module will help our partners understand what is needed to strengthen their resilience and we strongly encourage them to take advantage of it. ”

RISC 2.0 is a free, web-based platform where organizations can conduct risk assessments by identifying threats, assessing vulnerabilities, determining consequences and criticality, and sharing findings with stakeholders. Currently more than 3,500 Health Systems are using the RISC Tool.

The new cybersecurity module guides users through a series of questions about their policies and practices, scoring responses against the NIST Cybersecurity Framework 2.0 and HHS Cybersecurity Performance Goals. This objective, standards-based approach helps organizations identify critical gaps, prioritize investments, and make informed decisions about risk mitigation. When health care organizations have the means to identify risks and vulnerabilities, they can implement strategies that minimize disruptions to patient care and strengthen preparedness and resilience.

Integrated into the existing RISC 2.0 platform, the module allows facilities, health systems, and coalitions to analyze cyber risk alongside other hazards in one unified tool. Users can complete the cyber module questionnaire independently or in combination with other risk assessments, depending on need.

HHS is the Sector Risk Management Agency (SRMA) for the Health Care and Public Health Sector and ASPR coordinates HHS SRMA activities and provides guidance and support to public and private partners to help enhance cybersecurity. To learn more about RISC 2.0 or the cyber module, or if you are an organization interested in using the tool, visit: https://aspr.hhs.gov/RISC/Pages/default.aspx.

About ASPR:

ASPR is the nation’s lead health security agency—driving preparedness before disaster strikes, securing domestic medical supply chains, advancing gold standard science, and delivering a fast, accountable federal response when lives are on the line. We partner with states, local communities, tribes, territories, other federal agencies, and the private sector to strengthen readiness at home. We invest in American manufacturing to reduce foreign dependency, and steward taxpayer resources with transparency, discipline, and measurable outcomes. ASPR protects the American people and ensures that the United States can prepare for, respond to, and recover from any threat to national security, anytime, anywhere.


# # #