Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

  • About HHS
  • Programs & Services
  • Grants & Contracts
  • Laws & Regulations
  • Radical Transparency
  • Big Wins
Breadcrumb
  1. Home
  2. About
  3. Agencies
  4. ASA
  5. Office of the Chief Information Officer (OCIO)
  6. Health Sector Cybersecurity Coordination Center (HC3)
  7. HC3 FAQ
  • Assistant Secretary for Administration (ASA)
  • Fair Chance to Compete for Jobs Act
  • About ASA
  • EEO
    • About EEO
      • No Fear
      • Programs & Offices
      • Contact Reasonable Accommodation Coordinators
      • Personal Assistant Services
    • EEO Policy Statement
  • Office of Organizational Management (OOM)
    • About OOM
    • Consulting Services
    • Fair Act Inventory
    • Contact Us
  • Office of Human Resources (OHR)
    • About OHR
      • OHR Divisions
      • Mission and Vision
      • Leadership
      • Contact Us
    • Begin Your Career at HHS
    • New Employee Orientation
    • HR Policy Library
  • Office of the Chief Information Officer (OCIO)
    • About OCIO
      • What We Do
      • Our Mission
      • Plans & Reports
      • Contact Us
    • Cybersecurity
      • HC3 Home Page
      • HC3 About Us
      • HC3 FAQ
      • HC3 Products
      • HC3 Victim Notification
      • HC3 Contact Us
    • HHS IT Management Jobs
  • Program Support Center (PSC)
    • Accounting
    • Board for Correction
    • Building Operations
    • Debt Collection
    • Federal Real Property Assistance Program (FRPAP)
    • FedResponse Contact Center
    • Financial Reporting Services
    • Grants Management
    • Indirect Cost Negotiations
    • Intake, Suitability, and Badging
    • Mail and Publishing
    • Physical Security, Emergency Management, and Safety
    • Real Property Policy and Strategy
    • Space Design and Construction
    • Supply Chain Management
    • Transportation Services
  • PSC Federal Occupational Health (FOH)
    • Office of the Director
    • Behavioral Health Services
    • Clinical Health Services
    • Environmental Health and Safety Services
    • Wellness and Health Promotion Services

HC3 FAQ

Frequently asked questions

The Health Sector Cybersecurity Coordination Center (HC3) serves as a U.S. Department of Health and Human Services' focal point for cybersecurity collaboration with the Healthcare and Public Health (HPH) sector, ensuring cybersecurity risks are actively identified and communicated.

In accordance with the Cybersecurity Act of 2015 and in its role as the designated Sector-Specific Agency, as identified in Presidential Policy Directive (PPD)-21, HHS created HC3 to ensure cybersecurity information sharing is coordinated with the HPH sector, including within HHS and with government partners, to aid in the protection of vital healthcare-related controlled information and privacy.

HC3 develops knowledge-based cybersecurity products intended to raise overall sector awareness by conducting research and technical analysis on cyber threats, and developing mitigation techniques. HC3 ensures cybersecurity information sharing is coordinated with the HPH sector, including within HHS and with government partners.

HC3 provides knowledge-based products, and communications to organizations within the HPH sector regardless of size, capabilities, and available resources. Also, HC3 has established a bi-monthly briefing forum to deliver briefings providing cyber threat information to technical and non-technical professionals within the sector.

HC3 collaborates with public/privates sector entities via various communication platforms which consists of stakeholders of different sizes and functions (varying from direct patient care, device manufacturing, to electronic health record systems). Sector entities can submit questions, and share information by contacting the email inbox at HC3@hhs.gov. Additionally, the HC3 conducts interactive meetings to learn about external organizations, challenges facing the sector, and receiving feedback on our products.

HC3 strengthens coordination of cybersecurity information sharing across the HPH sector, which consists of stakeholders of various sizes and functions, varying from direct patient care to device manufacturing to electronic health record systems. HC3 is dedicated to cultivating cybersecurity resilience regardless of an organization's technical capacity, but recognizes the special focus that small to medium sized organizations require due to their lack of dedicated cybersecurity capabilities.

HC3 believes in fulfilling its mission through close collaboration and partnerships with other organizations. HC3 coordinates with the Department of Homeland Security (DHS) National Cybersecurity and Cybersecurity and Infrastructure Security Agency (CISA) and the Administration for Strategic Preparedness and Response (ASPR) to engage and provide services to the HPH sector. ASPR is a key partner for HC3 information dissemination and provides access to customers through the Government Coordinating Council and Sector Coordinating Council

The FDA's Center of Excellence on Digital Health is focusing on the cybersecurity issues surrounding medical devices, whereas HC3 has a broader mission in looking at the whole health sector. HC3 will continue its collaboration with FDA as an integrated team to ensure the best possible protection for the public. FDA has extensive expertise and authority on all aspects of medical devices from design, deployment, oversight, and regulation. FDA's is working to provide cybersecurity market guidance to manufactures to improve the security of medical devices.

The Computer Security Incident Response Center (CSIRC) is HHS' internal center for dealing with security issues, the HC3 is an externally facing entity that is focused on the HPH sector. The HC3 does leverage information gathered by the CSIRC to inform the HPH sector and shares information to the CSIRC that we have gathered from industry.

The 405d effort at HHS was convened to support the CSA 405(d) Task Group to enhance cybersecurity and align industry approaches by developing a common set of voluntary, consensus-based, and industry-led guidelines, practices, methodologies, procedures, and processes that healthcare organizations can use to enhance cybersecurity. The task group released the Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients in December 2018 and are working to make updates to that report. The HC3 looks at immediate and ongoing threats to the sector and provides directed guidance on how to prevent, mitigate, and resolve issues, in addition to providing notifications to sector entities on immediate threats to their particular institutions.

ASPR has responsibilities across all hazards to the HPH sector, and does not always maintain the expertise in house. For instance, in the case of a Flu pandemic, ASPR conducts emergency management roles relying on the Public Health Service Corp, which is made up of practicing medical professionals, for deployment and provisioning of care. Similarly, the best place to find cybersecurity experts is on teams doing cybersecurity. The OCIO has these capabilities in the HC3; HC3's mission is to focus on maintaining cyber analysis capabilities to support HPH sector stakeholders and fostering the development of proactive HPH sector cyber defense strategies. This is the intersection of where ASPR and HC3 come together and where our collaboration lives. ASPR also works regularly with other HHS divisions, DHS, and other government partners.

Content created by Office of the Chief Information Officer (OCIO)
Content last reviewed March 13, 2023
Back to top

Subscribe to Email Updates

Receive the latest updates from the Secretary and Press Releases.

Subscribe
  • Contact HHS
  • Careers
  • HHS FAQs
  • Nondiscrimination Notice
  • Press Room
  • HHS Archive
  • Accessibility Statement
  • Privacy Policy
  • Budget/Performance
  • Inspector General
  • Web Site Disclaimers
  • EEO/No Fear Act
  • FOIA
  • The White House
  • USA.gov
  • Vulnerability Disclosure Policy
HHS Logo

HHS Headquarters

200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll Free Call Center: 1-877-696-6775​

Follow HHS

Follow Secretary Kennedy