Healthcare and Public Health Cybersecurity
ASPR Serves as the Sector Risk Management Agency for the Health Care and
Public Health Sector to Protect Patient Health and Safety
#StopRansomware: ALPHV Blackcat#StopRansomware: ALPHV Blackcat
A new joint cybersecurity advisory from FBI, DHS/CISA, and HHS encourages organizations to take actions that mitigate the threat of ransomware. This advisory provides updates to the BlackCat/ALPHV Ransomware Indicators of Compromise released April 19, 2022 and to the advisory released December 19, 2023.
Read the Advisory
The Healthcare and Public Health (HPH) sector continues to experience increasingly sophisticated cyberattacks that exploit complex, interconnected IT systems at hospitals and health care facilities. Nationwide, health care and public health IT infrastructures suffer from many common vulnerabilities: underfunded cybersecurity programs, vulnerable legacy systems, a growing need for skilled cybersecurity professionals, and network-connected medical technologies, including medical devices.
These cyberattacks against the HPH sector are growing both in numbers and severity, with the frequency of cyberattacks on hospitals and health systems more than doubling from 2016 to 2021. The HPH sector experienced a 42 percent increase in ransomware attacks in 2022 compared to 2021. The cost of an average health care data breach has reached $10.93 million, according to a report from IBM Security. That’s an 8% jump from a year ago, when the average cost topped $10 million for the first time. In health care, cyber risks are patient risks – unlike other more typical industries impacted by cybersecurity threats (e.g., energy, finance), disruptions in health care could cost lives.
ASPR has worked with our partners in HHS, across the federal government, and with industry to develop resources to help hospitals and health care facilities protect themselves and their patient’s from cyber attacks.
ASPR leads the HHS divisions and works with our public and private partners to provide guidance and support to help enhance cybersecurity for the health care and public health sectors.
Learn more about ASPR's role in cybersecurity
Learn to Improve Cybersecurity and Cyber Defense