The U.S. Department of Health and Human Services (HHS) has officially launched its Health Sector Cybersecurity Coordination Center (HC3).
Opened on October 29, 2018 by Deputy Secretary of the HHS, Eric Hargan, the center is located in the Hubert H. Humphrey building at HHS headquarters in Washington D.C. The opening was timed to coincide with National Cybersecurity Awareness Month and the Administration’s rollout of the National Cyber Strategy.
HC3’s mission is to strengthen coordination and improve information sharing within the healthcare industry, and help protect America and American organisations against cyber attacks. HC3 will work closely with healthcare industry stakeholders, including practitioners, organizations, and cybersecurity information sharing organizations, to gain an understanding of current threats, patterns and attack trends. It is hoped that through cooperation that information about current and emerging threats will be shared between healthcare organizations. This collaboration will allow for more robust plans can be implemented to protect healthcare systems, medical devices and patient data.
At the launch, Deputy Secretary Hargain said “HHS is proud to work with the health community to better protect Americans’ health data and confidential information… Today’s announcement is a recognition of the importance we place on stakeholder engagement as part of our cybersecurity work.”
The Department of Homeland Security (DHS) is the primary agency for dealing with cyber threats in the United States and is responsible for developing strategies to combat those threats. In order to support the healthcare sector in increasing its capacity to protect itself against cyber threats, HC3 will work closely with DHS.
The healthcare industry is a potentially lucrative target for cybercriminals, due to the high black-market value of protected health information (PHI). This information can then be used to commit identity fraud and further scams. As such, the industry is being extensively targeted by cybercriminals looking to steal this data by sabotaging systems, damaging medical equipment, and deploying ransomware. In the past year alone there have been more than 400 major data breaches reported by healthcare organizations. Many reports by large cybersecurity organisations show that the healthcare industry is one of, if not the most, targeted industries by cybercriminals. Millions of patients may be affected by a single breach.
Healthcare organisations also provide an easy target for cybercriminals due to their ageing IT infrastructure. Already underfunded, many organisations are unable to find the resources to update their systems and create a more robust security framework. Therefore, when they are attacked, not only are they likely to have their data stolen, but they’re also likely to be hit by a fine for a HIPAA violation due to their inadequate security measures. The HC3 hopes to aid healthcare organisations in implementing an improved, but cost-effective and efficient healthcare security system.
Rapid identification of threats and the provision of timely, accurate, and actionable intelligence is critical to the prevention of cyberattacks. “We believe that when a risk is shared across sectors, the only way to manage that risk successfully is to manage it collectively,” explained Jeanette Manfra, Assistant Secretary for Cybersecurity and Communications in DHS. “We know that the majority of the cybersecurity attacks that occurred over the past year could have been prevented with quality and timely information – and the heightened importance of sharing information cannot be stressed enough.”