Skip to main content

Healthcare and Public Health Cybersecurity

ASPR Serves as the Sector Risk Management Agency for the Health Care and Public Health Sector to Protect Patient Health and Safety

The Healthcare and Public Health (HPH) sector continues to experience increasingly sophisticated cyberattacks that exploit complex, interconnected IT systems at hospitals and health care facilities. Nationwide, health care and public health IT infrastructures suffer from many common vulnerabilities: underfunded cybersecurity programs, vulnerable legacy systems, a growing need for skilled cybersecurity professionals, and network-connected medical technologies, including medical devices.

These cyberattacks against the HPH sector are growing both in numbers and severity, with the frequency of cyberattacks on hospitals and health systems more than doubling from 2016 to 2021. The HPH sector experienced a 42 percent increase in ransomware attacks in 2022 compared to 2021. The cost of an average health care data breach has reached $10.93 million, according to a report from IBM Security. That's an 8% jump from a year ago, when the average cost topped $10 million for the first time. In health care, cyber risks are patient risks - unlike other more typical industries impacted by cybersecurity threats (e.g., energy, finance), disruptions in health care could cost lives.

ASPR has worked with our partners in HHS, across the federal government, and with industry to develop resources to help hospitals and health care facilities protect themselves and their patient's from cyber attacks.

ASPR leads the HHS divisions and works with our public and private partners to provide guidance and support to help enhance cybersecurity for the health care and public health sectors.

Learn more about ASPR’s role in cybersecurity

No Results

Please adjust your filter criteria and try again.