Healthcare and Public Health Sector: Partner Resources

U.S. Department of Health and Human Resources (HHS): HHS is the Sector Risk Management Agency for the healthcare and public health sector. 

  • Division of Critical Infrastructure Protection: As the HPH Sector Risk Management Agency designee for HHS, the Administration for Strategic Preparedness and Response’s Office of Critical Infrastructure Protection (CIP) manages the Healthcare and Public Health (HPH) Sector Critical Infrastructure Protection Partnership (HPH Partnership), a coordinating body of more than 300 private sector organizations and federal, state, local, tribal, and territorial (FSLTT) agencies. Through the HPH Partnership, CIP takes an all-hazards approach (including cyber) to identify and mitigate risks to the HPH Sector through collaboration and information sharing. 

  • 405(d) Program and Task Group: The 405(d) Program is a collaborative effort between industry and the federal government to align healthcare industry security practices to develop consensus-based guidelines, practices, and methodologies to strengthen the healthcare and public health (HPH) sector’s cybersecurity posture against cyber threats. As the leading collaboration center of the Office of the Chief Information Officer/Office of Information Security, the 405(d) Program is focused on providing the HPH sector with useful and impactful resources, products, and tools that help raise awareness and provide vetted cybersecurity practices, which drive behavioral change and move towards consistency in mitigating the most relevant cybersecurity threats to the sector.

  • Office for Civil Rights (OCR): The OCR at HHS is responsible for enforcing regulations to protect the privacy and security of protected health information, namely the HIPAA Privacy, Security and Breach Notification Rules (the HIPAA Rules). The Health Information Privacy, Data, and Cybersecurity (HIPDC) Division within the OCR provides resources, training, and outreach, including cybersecurity guidance and best practices, to organizations that are required to comply with the HIPAA Rules. 

Cyber Clinician Video Series: This impactful series developed by the Health Sector Coordinating Council explains in easy, non-technical language how cyber-attacks can affect clinical operations and patient safety, and outlines what clinicians can do to help keep healthcare data, systems, and patients safe from cyber threats without losing time away from patients.   

NIST Cyber Security Framework Implementation Guide for Healthcare and Public Health: This implementation guide, developed by the HSCC Cybersecurity Working Group and the HHS Administration for Strategic Preparedness and Response (ASPR), helps health care organizations take immediate steps to manage cyber risks to their IT systems.