The Department of Health and Human Services’ Office of Strategic Preparedness and Response is considered HHS’s “one-stop shop” for addressing cyber issues facing the medical and public health sectors.
But Brian Mazanec, deputy director of ASPR’s Readiness Center, said that doesn’t mean his organization handles all of HHS’ healthcare cybersecurity issues.
“This simply means we have a leading role in terms of really integrating all the tools and resources that this department provides specifically to help with cybersecurity and cyber hazards,” Mazanec said in a recent interview. , which means he’s playing the role of quarterback.” “Unfortunately, there is a lot of work to be done as the frequency, sophistication of threats, and the elements of the field under attack continue to increase.”
According to the FBI’s Internet Crime Complaint Center, the healthcare sector is the top target for ransomware attacks. The ransomware raid of payment provider Change Healthcare in February transformed healthcare operations across the healthcare sector, shining a spotlight on the sector’s cyber vulnerabilities and fueling calls for reform.
But even before the Change Healthcare ransomware attack, HHS had already laid out plans to expand ASPR and its role as the healthcare sector’s “sector risk management agency.”
ASPR subsequently established a cybersecurity division within the Critical Infrastructure Protection Agency. Mazanec said this division is the focus of ASPR’s cyber work with this division. The department has hired “the first batch” of federal employees, he said.
Mazanec said one of the cyber division’s core responsibilities is incident response. For example, if a large hospital were to suffer a cyberattack, ASPR’s team would work with the FBI and the Cybersecurity and Infrastructure Security Agency to respond and provide support.
“We go into the field and figure out what the impact is on the patient, what systems are down, what is potentially helpful or can be monitored, and what are the implications for those patients? We are trying to understand what we can offer to take further steps to alleviate it again,” Mazanec said. .
ASPR can also call on other parts of the organization, such as the HHS-sponsored Medical Reserve Corps, to help hospitals and other healthcare organizations recover from serious cyber incidents.
“These can be a good source of staffing support because when you go into a downtime procedure, you’re often doing the kinds of things that are more manual intensive, like paper records.” said Mazanec. “As such, we are able to facilitate connectivity to local MRC departments. We may be able to assist you.”
Another important aspect of ASPR’s cyber division is “communications and education,” Mazanec said. This includes internal communications across HHS, with organizations ranging from the Office of the Chief Information Officer to the Food and Drug Administration handling various aspects of healthcare cybersecurity.
But Mazanec said ASPR is also increasing its proactive outreach to the sector on cybersecurity issues. This includes encouraging adoption of HHS’s voluntary cybersecurity performance goals announced in January.
Copyright © 2024 Federal News Network. Unauthorized reproduction is prohibited. This website is not directed to users within the European Economic Area.
