ASPR seeks feedback on public health orgs' cybersecurity needs

The Administration for Strategic Preparedness and Response will be surveying agencies to assess the readiness of state, local, tribal and territorial public health organizations to manage cyber threats and gauge their needs for support.
By Andrea Fox
10:41 AM

The Joint Public Health Cybersecurity Task Group, the Healthcare and Public Health Sector Coordinating Council and the Healthcare and Public Health Sector Joint Cyber Working Group are evaluating the current state of readiness within this essential subsector to identify avenues for enhancing its resilience against evolving cyber threats.

WHY IT MATTERS

The anonymous survey, administered through a partnership with the University of Texas at Austin, will require approximately 15 minutes to complete. 

The findings will inform grant funding recommendations and shape public health sector policies, according to Bob Bastani, senior cybersecurity advisor for critical infrastructure protection for the Administration for Strategic Preparedness and Response, and Dr. Leanne Field, chair of the HSCC's public health subsector and executive committee member of the Cybersecurity Working Group and faculty member at UT Austin.

Among the questions, the survey asks if a cyber event interrupted normal health department processes, what would be the most damaging loss of public health services to the community served?

"The insights obtained from a diverse array of public health officials, decision-makers, practitioners and information technology leaders across SLTT communities are crucial in informing our collective strategy for cybersecurity," they wrote in their announcement.

High levels of participation in the survey are crucial, said Greg Garcia, executive director of the HSCC Cyber Working Group. 

"In light of the increasing cyber threats faced by the sector, this voluntary survey presents a vital opportunity to evaluate current readiness levels and pinpoint areas that require enhancement," he said in his correspondence to health officials posted by the National Association of County and City Health Officials on its website.

Bastani and Field also requested assistance in promoting the online survey, which will remain open until Monday, December 2, to public health leaders and practitioners at all levels.

THE LARGER TREND

The U.S. Department of Health and Human Services, the parent agency of ASPR, centralizes cybersecurity resources provided by it and other federal agencies for the healthcare and public health sector to help address cybersecurity threats that have reached epidemic proportions.

Public health agencies are far from immune to healthcare cyberattacks, as government agencies are a target of cyber adversaries bent on financial gain, service disruption or both.

In June, the Los Angeles County Department of Public Health said it experienced a phishing attack on February 19 and 20, during which a hacker gained the login credentials of 53 Public Health employees. The brief attack compromised the personal information, including first and last names, dates of birth, diagnoses, prescriptions, Social Security Numbers and financial information of more than 200,000 people, the county said.

The cybersecurity preparedness of public health could also be compromised by the advance of digital tools like artificial intelligence.

"What happens if a chatbot from a well-respected institution starts propagating misinformation during a future public health emergency?" pondered Brian R. Spisak, a healthcare digital transformation consultant, researcher and educator in a June opinion piece in Healthcare IT News.

While Spisak was writing about the potential dangers of the World Health Organization's generative AI chatbot Sarah introduced in April, AI and cybersecurity are closely intertwined and public health use of AI technologies presents risks.

Technology risk management and threats to patient safety "aren't mutually exclusive, they're mutually inclusive," noted Atlantic Health System Chief Information and Digital Officer Sunil Dadlani at the HIMSS cybersecurity forum in September.

ON THE RECORD

"Understanding that many SLTT communities may not have previously engaged with initiatives of this nature, we are reaching out to encourage widespread participation of the public health community," Bastani and Field said in the survey announcement.

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org

Healthcare IT News is a HIMSS Media publication.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.