Gov Info Security recently reported that the Department of Health and Human Services (HHS) has introduced voluntary cybersecurity performance goals for the healthcare sector, establishing a roadmap for enhanced cybersecurity practices. This move follows the Biden administration’s strategy, released in December, which emphasized the need for a robust cybersecurity posture among healthcare entities. Although voluntary, these goals are expected to influence upcoming HHS rule-making, introducing potential incentives for healthcare organizations to adopt the recommended practices.
Performance Goals Framework
HHS’ 13-page Cybersecurity Performance Goals document outlines essential and enhanced goals, drawing from industry frameworks like NIST’s Cybersecurity Framework. The “essential goals” focus on foundational practices, while the “enhanced goals” encourage advanced cybersecurity measures.
Deputy Secretary of HHS, Andrea Palm, underscores the responsibility to fortify the healthcare system against cyber threats. The performance goals, she notes, will contribute to proposed enforceable cybersecurity standards across HHS policies and programs.
While labeled “voluntary,” these goals can influence future rule-making, potentially incorporating financial programs to incentivize healthcare entities. This includes an upfront investment program for initial cybersecurity costs and an incentives program to promote advanced practices.
Essential and Enhanced Goals
Essential goals encompass measures like email security, multifactor authentication, and incident response planning. Enhanced goals target advanced capabilities such as network segmentation and cybersecurity testing.
HHS envisions these goals as addressing common vulnerabilities, safeguarding against cyberattacks, and minimizing residual risk. The guidance aims to elevate cybersecurity as a patient safety imperative.