The Health Sector Cybersecurity Coordination Center (HC3) is leading the charge for the U.S. Department of Health and Human Services in aiding the protection, coordination, and sharing of cybersecurity information to the Healthcare and Public Health (HPH) sector. HC3 achieves this through developing cyberattack mitigation resources and fostering HPH sector collaboration and partnerships.
To support the defense of the Healthcare and Public Health Sector’s (HPH) information technology infrastructure by strengthening coordination and information sharing within the sector, and by cultivating cybersecurity resilience, regardless of organizations’ technical capacity.
The Health Sector Cybersecurity Coordination Center (HC3) was established in response to the Cybersecurity Information Sharing Act of 2015 — a federal law mandated to “improve the cybersecurity in the U.S. through enhanced sharing of information about cybersecurity threats, and for other purposes.”
In order to safeguard cybersecurity information sharing and improve the cybersecurity posture of the sector, the Department of Health and Human Services established the Health Sector Cybersecurity Coordination Center (HC3). HC3 was established to act as the coordinator of cybersecurity information sharing across the HPH sector, to affirm the protection of vital healthcare information, and to aid the sector in mitigating cyberattacks through collaboration.
HC3 is the U.S. Department of Health and Human Services’ focal point for cybersecurity collaboration with the Healthcare and Public Health (HPH) sector, ensuring cybersecurity risks are actively identified and communicated with a centralized systematic operation of:
- Vigilance and Awareness
HC3's role is to work with the HPH sector to understand the threats it faces, to learn adversaries' patterns and trends, and to provide information and approaches to the sector on how it can better defend itself.
Additionally, HC3 facilitates access to knowledge-based resources necessary to support robust cybersecurity programs, and mitigate damage in security breach situations.
HC3 helps to identify, correlate, and communicate cybersecurity information across the HPH sector.
HHS partners with the HPH sector to increase awareness and foster consistency with cybersecurity practices for a wide range of stakeholders.
There are key benefits of information sharing within the HPH sector. For one, various stakeholder audiences — such as small, medium, and large healthcare organizations — gain access to increased cybersecurity awareness.
Another benefit is the increased vigilance and detection for sector defense; for example, a reduction of interrupted care delivery and patient safety, as well as tactical defense measures and best practices.
Lastly, the information sharing within the HPH sector allows for an enterprise-level view of cybersecurity risk management, and demonstrates a holistic view of cybersecurity, rather than just an IT perspective.