HHS is treating cyberattacks like hurricanes, giving hospitals a free tool to measure digital threats against natural disasters.
The Department of Health and Human Services (HHS) has updated its free RISC 2.0 Toolkit to include a cybersecurity module aligned with the NIST Cybersecurity Framework 2.0 and HHS’s voluntary cybersecurity performance goals.
The tool enables hospitals to assess cybersecurity risks alongside physical threats such as hurricanes or power failures, creating a unified risk management approach.
John Knox, principal deputy assistant secretary at HHS’s Office of the Assistant Secretary for Preparedness and Response (ASPR), emphasized the tool’s role in preventing disruptions to patient care. He stated:
"This module is the latest addition to our toolkit of resources to assist our health care and public health partners in preventing the disruption of patient care..."
Errol Weiss, chief security officer at the Health Information Sharing and Analysis Center (Health ISAC), added:
"By putting cyber side-by-side with other threats and hazards in a unified platform..."
The update follows the landmark Change Healthcare ransomware attack, which exposed vulnerabilities in third-party risk management. HHS’s focus on integrating cybersecurity with existing disaster preparedness frameworks aims to strengthen healthcare resilience against evolving threats.
Source: CyberScoop | HHS