In this two-part Triage series, Gina Bertolini, Sarah Carlins, and Jianne McDonald analyze two recent HHS initiatives that address cybersecurity risks to hospitals and health systems nationwide. Cybersecurity events involving our nation’s health care providers have precipitously risen in the past five years. The Department of Health and Human Services’ Office for Civil Rights (OCR) reports a nearly 300% increase in large data breaches that involve ransomware reported to OCR from 2018 to 2022. Interoperability remains a major government priority, and as remote care models continue to proliferate and the need intensifies for big data to feed increasingly complex technologies, risks to health care providers will continue to abound. 

In part two, Gina Bertolini and Sarah Carlins discuss HHS’s “Healthcare Sector Cybersecurity” report, which outlines HHS’s strategy for securing the digital infrastructure of our nation’s health care system. HHS’s strategy includes increased funding for support and enforcement of HIPAA’s Security Rule and the implementation of voluntary Cybersecurity Performance Goals, and HHS projects changes to HIPAA’s Security Rule coming in the Spring of 2024.