HHS Plans for Cyber ‘One-Stop Shop’ After United Healthcare Attack

Share This Post

The Department of Health and Human Services (HHS) has begun an initiative to better organize and equip its healthcare cybersecurity programs through a one-stop shop.

This latest resource is created through the HHS Administration for Strategic Preparedness and Response (ASPR), which leads the US during disasters and public health emergencies relating to health and medical preparation.

This initiative comes after a United Healthcare subsidiary was targeted by BlackCat ransomware group in February, causing days of outages and chaos across the healthcare supply chain. The cyberattack was considered one of the most serious of its kind within the healthcare sector, and led to United paying the ransom demanded by the threat actors. 

The incident prompted a letter from the chairman of the Senate’s Homeland Security and Governmental Affairs Committee, Sen. Gary Peters (D-Mich.). He asked HHS what steps it was taking to prevent such a catastrophe from happening again. The ASPR said it will create new cybersecurity strategies for the healthcare sector and inform healthcare entities of best practices and resources.

“There’s too many doors into cybersecurity when engaging with the federal government generally, let alone HHS,” said Brian Mazanec, the deputy director for ASPR’s Office of Preparedness, in a statement. “Within HHS, there are a lot of different players. So we’re in the process now of really establishing this front door through ASPR to all of those resources.”


This post was originally published on this site

More Articles


Navigating SEC Regulations In Cybersecurity And Incident Response

Free video resource for cybersecurity professionals. As 2024 approaches, we all know how vital it is to keep up to date with regulatory changes that affect our work. We get it – it’s a lot to juggle, especially when you’re in the trenches working on an investigation, handling, and responding to incidents.


BFU – Seeing is Believing

Oh no, the device is in BFU. This is the common reaction; a device needs extracting, and you find it in a BFU state. Often, there’s an assumption that a BFU extraction will only acquire basic information, but that isn’t always the case.