The U.S. Department of Health and Human Services (HHS) proposed a strategic approach to enhance healthcare cybersecurity, which met with resistance from the American Hospital Association (AHA). This cybersecurity strategy emphasizes voluntary performance goals, resource provision, enforcement strategy, and a centralized HHS cybersecurity hub. The AHA, however, opposed mandatory cybersecurity requirements, emphasizing the need for cooperative federal support over punitive measures since cyberattacks often originate from sophisticated external entities and third-party vendors. The debate underlies the challenge of balancing patient and data protection with the practicalities and costs of cybersecurity in healthcare.
TPRM report: https://scoringcyber.rankiteo.com/company/hhsgov
"id": "hhs903070724",
"linkid": "hhsgov",
"type": "Cyber Attack",
"date": "12/2023",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"{'affected_entities': [{'industry': ['Healthcare'],
'location': ['United States'],
'name': ['U.S. Department of Health and Human Services',
'American Hospital Association'],
'type': ['Government Agency',
'Non-profit Organization']}],
'description': 'The U.S. Department of Health and Human Services (HHS) '
'proposed a strategic approach to enhance healthcare '
'cybersecurity, which met with resistance from the American '
'Hospital Association (AHA). This cybersecurity strategy '
'emphasizes voluntary performance goals, resource provision, '
'enforcement strategy, and a centralized HHS cybersecurity '
'hub. The AHA, however, opposed mandatory cybersecurity '
'requirements, emphasizing the need for cooperative federal '
'support over punitive measures since cyberattacks often '
'originate from sophisticated external entities and '
'third-party vendors. The debate underlies the challenge of '
'balancing patient and data protection with the practicalities '
'and costs of cybersecurity in healthcare.',
'title': 'Healthcare Cybersecurity Strategy Debate Between HHS and AHA'}