Confronting Heightened Cybersecurity Threats Amid COVID-19


Authored By: Greg Singleton, Chief of the Health Sector Cybersecurity Coordination Center, HHS and Sana Saleh, Chief of the Cross-Functional Planning & Coordination, CISA

Did you know that Americans’ private health data is estimated to be worth up to 20 times the value of financial data on the Dark Web?[1]  This makes the Health and Public Health (HPH) Sector a primary target for cybercriminals. When an HPH Sector entity is affected by a cyber event, the public may lose its ability to engage with or receive health services, putting lives at risk.  The COVID-19 pandemic has raised the stakes, increasing cyber risk in the HPH Sector in proportion to the increased pace of activity amid widespread transition to remote work environments.

The HPH Sector has been significantly impacted due to both existing cybersecurity challenges and those brought on by COVID-19. Resource constraints paired with the complex architecture of both Information Technology (IT) and Operational Technology (OT) hindered HPH entities’ response and recovery efforts.

Cybersecurity is essential for effectively securing data needed to treat patients and maintain their access to critical health services.  Patient safety and well-being are the top priorities when it comes to securing health infrastructure. Targeted attacks continue to plague the HPH Sector with the distribution of COVID-19 vaccines underway. Increasing cybersecurity awareness among HPH personnel and the general public can help alleviate the frequency and overall impact of incidents.

The Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) have been in close coordination since the onset of the pandemic. This coordination has led to key cybersecurity insights, which are reflected in the infographics featured on this webpage.

Government and the private sector must work together to confront cyber challenges and secure HPH data and infrastructure. CISA and HHS recommend HPH entities take the following steps:


  • Implement regular network scanning and patching cycles.
  • Leverage email banners, user training, and other tools to reduce risk of phishing.
  • Develop and practice incident response plans in a remote environment, including data backup and recovery.
  • Modernize technologies where feasible—and segment those end-of-life technologies that cannot be modernized. IT modernization through removal of End of Life (EOL) systems and devices will help reduce the risk of introducing permanent vulnerabilities into networks.


  • Establish disaster response roles and responsibilities between federal agencies; continue work with private industry and sector partners; and continue meaningful collaboration between the Cybersecurity and Infrastructure Security Agency (CISA) and U.S. Department of Health and Human Services (HHS).
  • Develop and implement “State of Emergency” standard operating procedures that include leveraging rapid response technical teams.
  • Implement as appropriate recommendations from the Cyber Solarium Commission (including the addendum during COVID-19).

[1] Humer, Caroline, and Jim Finkle. “Your-Medical-Record-Is-Worth-More-to-Hackers-than-Your-Credit-Card.” Reuters, 24 Sept. 2014.