HHS Resources, Funding to Bolster Healthcare Cyber Efforts – Source: www.databreachtoday.com

The Department of Health and Human Services is working on grant programs and other financial programs to help under-resourced healthcare organizations deal with the cybersecurity challenges they’re facing, said La Monte Yarborough, CISO and acting deputy CIO at HHS.

“We are working to demonstrate our commitment to offer some kind of resources by way of grants and other kinds of incentives for implementing cybersecurity practices or to practitioners that don’t have the resources themselves,” he said in an interview with Information Security Media Group on Monday during the Healthcare Information and Management Systems Society conference in Orlando, Florida. “We are continually working that so that hospitals and healthcare providers cam explore those opportunities for financial assistance and other support to bolster their cybersecurity.”

HHS may get financial help under the Biden administration’s budget proposal, which on Monday requested $800 million to help “high-need, low-resourced hospitals cover upfront costs associated with implementing essential cybersecurity practices and $500 million for an incentive program for all hospitals to invest in advance practices.”

In December, the Biden administration issued a concept paper outlining a strategy for beefing up cybersecurity in the healthcare sector, and HHS in recent weeks has been incrementally fleshing out the details of that strategy. The proposed budget requests $141 million for HHS to defend its systems, including $11 million to enhance and expand HHS’ capacity to protect the privacy and security of health information through HIPAA.

In this audio interview with Information Security Media Group at HIMSS (audio link below photo), Yarborough also discussed:

• Critical vulnerabilities and top threats the healthcare sector needs to focus on;
• New HHS cyber guidance that has been issued in Spanish to help healthcare entities in Hispanic communities;
• Lessons emerging from recent cyberattacks, including the ransomware incident involving Change Healthcare as well as attacks involving government agencies.

Yarborough was appointed acting deputy CIO for HHS in December 2023. He is also CISO and executive director of the Office of Information Security. He previously served as CISO for HHS’ Office of Inspector General and as the acting CIO of HHS OIG. Prior to joining HHS, Yarborough worked in various cybersecurity leadership roles, including CISO of DHS and the Federal Emergency Management Agency. Prior to DHS, he served as a consultant and spent over 20 years in the U.S. Army, specializing in IT and cybersecurity.