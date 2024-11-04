The Department of Health and Human Services is seeking additional funding to achieve the goals under the three remaining pillars of its year-old cybersecurity strategy for the healthcare sector, Federal News Network reported Thursday.

In an interview on the Ask the CIO podcast, Brian Mazanec, the deputy director of the Office of Preparedness in the HHS Administration for Strategic Preparedness and Response, or ASPR, shared that the agency published healthcare-specific cybersecurity performance goals in January, accomplishing the first pillar of the strategy.

The ASPR is now focused on other strategy priorities: providing resources to incentivize and implement these cybersecurity practices, implementing an HHS-wide strategy to support greater enforcement and accountability, and expanding and maturing a one-stop shop within HHS for healthcare sector cybersecurity.

Cybersecurity Tools and Funding for Healthcare Systems

Mazanec said HHS worked with the White House to include a $1.3 billion funding in the fiscal year 2025 budget request to support a program led by the Centers for Medicare & Medicaid Services aimed at providing cybersecurity resources to the healthcare sector. The deputy director also shared that his office implements a $240 million hospital preparedness program that funds select activities of healthcare coalitions focused on cybersecurity and other preparedness initiatives.

For the development of the healthcare cybersecurity one-stop shop, the ASPR seeks $12 million in additional FY 2025 funding to have more capabilities available for combating cyberattacks.

Cybercriminals Targeting Healthcare Sector

The HHS moves to help the sector defend against cyberthreats amid the increasing cyber incidents targeting the industry. According to the Office of the Director of National Intelligence, a 128 percent increase in ransomware attacks that targeted the U.S. healthcare sector was seen in 2023, compared to similar incidents in 2022. Globally, ransomware hit 389 healthcare organizations in 2023, higher than the 214 entities recorded in 2022.

