GAO: Healthcare Cybersecurity: HHS Continues to Have Challenges as Lead Agency (2024), 2 pages


Uploaded: 2024-11-14

GAO-25-107755 Healthcare Cybersecurity
Snapshot
Healthcare Cybersecurity: HHS Continues to Have Challenges as Lead Agency
GAO-25-107755 · November 2024
As the lead federal agency for the healthcare and public health critical infrastructure sector, the
Department of Health and Human Services (HHS) has faced challenges in carrying out its cybersecurity
responsibilities. Implementing our related prior recommendations can help HHS in its leadership role.
The Big Picture
Over the last several years, there have been
increased cyberattacks in the healthcare and public
health critical infrastructure sector. Recently, in
February 2024, Change Healthcare (a health
payment processor) became the victim of a
ransomware cyberattack that involved the theft of
data resulting in estimated losses of $874 million and
widespread impacts on healthcare providers and
patient care.
Illustration of Example Ransomware Cyberattack Impacts
As the lead federal agency for the healthcare and
public health sector, HHS is responsible for
strengthening cybersecurity in the sector. These
responsibilities include coordinating with the
Cybersecurity and Infrastructure Security Agency
(CISA), the national coordinator for critical
infrastructure security and resilience.
What GAO’s Work Shows
Our prior work has highlighted HHS’ challenges in
carrying out its lead responsibilities for sector
cybersecurity. The department has not yet
implemented all our recommendations to address
these challenges.
Supporting Healthcare Cyber Risk Management
HHS has several initiatives intended to mitigate
ransomware risks for healthcare and public health.
Nevertheless, our prior work has found that the
department had not adequately monitored the
sector’s implementation of ransomware mitigation
practices. For example, in January 2024, we reported
that HHS released results of an analysis of U.S.
hospitals’ cybersecurity. Among other things, the
analysis found that participating hospitals had self-
assessed that they had adopted 70.7 percent of the
National Institute of Standards and Technology
Cybersecurity Framework’s functional areas of
identify, detect, protect, respond, and recover.
However, at the time of our report, HHS was not yet
tracking adoption of the ransomware-specific
practices outlined in the framework. Although HHS
officials told us that they would be able to assess
implementation of key concepts in the framework, the
department did not provide evidence of its efforts to
do so. Without full awareness of the sector’s adoption
of cybersecurity practices, HHS risks not directing
resources where needed.
We recommended that HHS, in coordination with
CISA and sector entities, determine the sector’s
adoption of leading cybersecurity practices that
help reduce ransomware risk.