Data theft and ransomware attacks targeting health care organizations have increased dramatically over the past several years, disrupting patient care, safety and privacy. Your organization can prepare for and manage such risks by viewing cybersecurity not as an IT issue but rather by making it part of your existing governance, risk management and business continuity framework.

The AHA has long been committed to helping hospitals and health systems defend against and deflect cyberattacks. That is why the AHA supports the voluntary Cybersecurity Performance Goals (CPGs) published by the Department of Health and Human Services (HHS) specifically for the Healthcare and Public Health (HPH) sector.

What are HPH Cybersecurity Performance Goals?

HHS created its Cybersecurity Performance Goals (CPG) to help health care organizations implement high-impact cybersecurity practices to better prepare for and mitigate cyberthreats.

Follow the practices to:

  • Better protect your hospital or health system from cyberattacks.
  • Improve response when events occur.
  • Minimize residual risk.
  • Mature and heighten your cybersecurity capabilities.
  • Ultimately, protect patient health information and safety.

The CPGs are targeted at defending against the most common tactics used by cyber adversaries to attack health care and related third parties, such as exploitation of known technical vulnerabilities, phishing emails and stolen credentials. The AHA recommends that all components of the health care sector implement these practices including third-party technology providers and business associates.

Learn more about these cybersecurity practices on the HHS Cybersecurity Performance Goals webpage. Or print the Goals.

How Can AHA Help You Prepare?

While escalating cyberattacks underscore the critical need for your hospital or health system to defend against malicious actors, you cannot do it alone.

The AHA has worked closely with federal agencies, the hospital field and vendors to build trusted relationships and channels for the mutual exchange of cyberthreat information and resources and to assist in implementation of risk mitigation practices such as the HPH Cybersecurity Performance Goals.

As part of this work, the AHA established the AHA Preferred Cybersecurity Provider (APCP) program to support our members’ cybersecurity initiatives. Trust the vetted services of the highly reputable and accomplished cybersecurity providers listed below who have developed dedicated resources and offerings to help you meet the HPH Cybersecurity Performance Goals.

Cybersecurity Performance Goal Resources from AHA Partners

Google

For all AHA-member nonprofit hospitals, three complimentary services including consultation with Google ChromeOS Healthcare Specialists, evaluation and certification of existing hardware to run ChromeOS Flex, and access to ChromeOS Jumpstart Program.

Microsoft

Providing free cybersecurity assessments including insights and recommendations on improving your hospital's cybersecurity awareness and defenses. Offer includes cybersecurity awareness and risk mitigation training for frontline and IT staff and affordable access to advanced enterprise security product suite and Windows 10 Extended Security Update free for one year. For independent CAHs and REHs, Microsoft will provide standard nonprofit discounts.

Aon

Four complimentary services for all AHA members to prepare for CPG compliance, including access to a submission platform, risk analysis and cyber insurance policy review. Plus a complete package of discounted pricing on Aon cyber solutions for 16 of the 20 specific Essential and Enhanced cybersecurity goals.

Censinet

Complimentary CPG Compliance Started Kit for all AHA members, which includes a tool to assess compliance, benchmark performance, implement assessments and action plans, monitor risk and report compliance.

Critical Insight

Complimentary incident response plan checkup for all AHA members, plus discounts on access to a platform, tools and professional advisory services to achieve both Essential and Enhanced cybersecurity goals.

Cylera

Discount for all AHA members off price of Cylera platform, an advanced healthcare IoT asset intelligence and security solution that optimizes care delivery, service availability, and cyber defenses across healthcare IT, IoT, connected medical devices and building management systems.

GM Sectec

For all AHA members. complimentary 30-day trial of ThreatWise, an early-warning ransomware detection service, plus a discount off DataPreserve, a data backup and recovery service that protects cloud-based and Office 365 data.

Learn more about the APCP program plus additional APCP providers fulfilling a range of cybersecurity needs.

  

Stay up-to-date on the latest cybersecurity news, resources & alerts.

Subscribe

Cybersecurity News

See More
AHA comments on CIRCIA’s cyber incident reporting requirements 
HHS issues cyber alert on critical vulnerability in ‘MOVEit,’ file transfer platform
HC3-Sector Alert TLP Clear - Critical MOVEit Vulnerabilities Expose Health Sector to Data Breaches
Agencies issue joint report on memory safety vulnerabilities in open source projects
Bulletin alerts health sector to cyberthreat exploits on TeamViewer
FBI, HHS issue advisory on cyberthreat actors targeting health care to divert payments
FBI CYBER - TLP Green: Social Engineering Tactics Targeting Healthcare & Public Health Entities and Providers
Joint Cyber Advisory TLP Clear: Social Engineering Tactics Targeting Healthcare & Public Health Entities and Providers
HHS alerts health sector to cyberthreat from Qilin ransomware group 
Change Healthcare begins notifying customers with compromised patient data following cyberattack 
TLP Clear HC3 Threat Profile: Qilin, aka Agenda Ransomware June 18 2024
CMS to close program addressing Medicare funding issues resulting from Change Healthcare cyberattack 
More Cybersecurity News

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi
Cybersecurity & Risk Advisory Services

Cyber Alerts and Reports