Media Inquiries
For general media inquiries, please contact media@hhs.gov.
An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Concept paper highlights ongoing and planned steps to improve cyber resiliency and protect patient safety.
WASHINGTON – The U.S. Department of Health and Human Services (HHS) today released a concept paper that outlines the Department’s cybersecurity strategy for the health care sector. The concept paper builds on the National Cybersecurity Strategy that President Biden released last year, focusing specifically on strengthening resilience for hospitals, patients, and communities threatened by cyber-attacks. The paper details four pillars for action, including publishing new voluntary health care-specific cybersecurity performance goals, working with Congress to develop supports and incentives for domestic hospitals to improve cybersecurity, and increasing accountability and coordination within the health care sector.
According to the HHS Office for Civil Rights (OCR), cyber incidents in health care are on the rise. From 2018-2022, there has been a 93% increase in large breaches reported to OCR (369 to 712), with a 278% increase in large breaches involving ransomware. Cyber incidents affecting hospitals and health systems have led to extended care disruptions, patient diversions to other facilities, and delayed medical procedures, all putting patient safety at risk.
“Since entering office, the Biden-Harris Administration has worked to strengthen the nation’s defenses against cyberattacks. The health care sector is particularly vulnerable, and the stakes are especially high. Our commitment to this work reflects that urgency and importance,” said HHS Secretary Xavier Becerra. “HHS is working with health care and public health partners to bolster our cyber security capabilities nationwide. We are taking necessary actions that will make a big difference for the hospitals, patients, and communities who are being impacted.”
“Hospitals across the country have experienced cyberattacks, leading to cancelled medical treatments and stolen medical records. Such impacts are preventable – to keep Americans safe, the Biden-Harris Administration is establishing strong cybersecurity standards for health care organizations and enhancing resources to improve cyber resiliency across the health sector, including working with Congress to provide financial support for hospitals. Today’s announcement by HHS builds on Biden-Harris Administration’s work to operationalize smart cybersecurity practices in our nation’s most critical sectors, like pipelines, aviation, and rail systems,” said Anne Neuberger, Deputy National Security Adviser for Cyber and Emerging Technologies.
“The health care sector is experiencing a significant rise in cyberattacks, putting patient safety at risk. These attacks expose vulnerabilities in our health care system, degrade patient trust, and ultimately endanger patient safety,” said HHS Deputy Secretary Andrea Palm. “HHS takes these threats very seriously, and we are taking steps that will ensure our hospitals, patients, and communities impacted by cyberattacks are better prepared and more secure.”
The HHS concept paper outlines the following actions:
The full concept paper is available here.
The President’s National Cyber Security Strategy is available here.
Receive the latest updates from the Secretary, Blogs, and News Releases
For general media inquiries, please contact media@hhs.gov.
For more information on HHS's web notification policies, see Website Disclaimers.