Home » News » Currently Reading:

High Hopes for HHS Cybersecurity Center

May 8, 2017 News 1 Comment

Stakeholders react to news that HHS will launch a healthcare cybersecurity center this summer.
By @JennHIStalk

While administrations may change and legislation come and go, the need for cybersecurity across healthcare’s many verticals seems to be a constant that will remain with the industry for the foreseeable future. News that HHS will create a Healthcare Cybersecurity Communications and Integration Center this summer highlights the federal government’s commitment to helping providers, payers, vendors, and (hopefully) patients prevent data breaches that could impact patient safety.


Modeled after the Department of Homeland Security’s National Cybersecurity and Communications Integration Center, the new HHS center helps to fulfill the Cybersecurity Information Sharing Act of 2015, part of a broad initiative under the Obama administration to bolster the government’s offensive and defensive cybersecurity capabilities.

“HCCIC establishes the mechanism to provide proactive and anticipatory analysis of cyber threats to both HHS and the healthcare and public health sector,” says an HHS spokesperson. (The department declined a formal interview.) “The HCCIC will act as a clearinghouse to drive healthcare-relevant cyber indicators, briefings, and actionable intelligence to and from a wide variety of stakeholders – both public and private. HHS aims to begin initial operations this summer.”

The timing is apropos given the impending release of a report authored by the Health Care Industry Cybersecurity Task Force, a CISA-mandated group put together last spring tasked with:

  • Analyzing how other industries have addressed cybersecurity threats.
  • Reviewing the security challenges associated with networked medical devices and software connected to EHRs.
  • Developing and circulating cybersecurity best practices.
  • Establishing a plan the government can use to freely share real-time intel regarding healthcare cybersecurity threats.

While HHS would not confirm the HCCIC will help to implement the task force’s recommendations, one can only assume that the two resources will converge to some degree. Industry stakeholders are of course eager to collaborate and benefit from the new center’s deliverables, which are yet to be fully determined.


“We are anxious to begin to see actionable data coming out of the HCCIC, including threat and vulnerability,” says Marc Probst, CIO of Intermountain Healthcare (UT), which formed a cybersecurity center last year with the University of Utah and several other partners. “The HHS goals around information sharing and analysis align perfectly with our organization and several that we are working with,” he adds. “We are anxious to contribute and develop automated feeds for the HCCIC.”

While emphasizing that long-overdue federal cybersecurity risk assessment and risk management efforts will provide good implementation guidance, Probst and his colleagues are reluctant to see cybersecurity become a compliance effort or a certification program. “Many of those currently participating are vendors or people with a product to sell,” Probst explains. “We hope the committees and chairs will seek more payer and provider participants.”


While selling a product to providers in need would surely be seen as a positive outcome for any vendor involved, Divurgent CISO Stephen Watkins sees the benefit of an HHS-sponsored cybersecurity center as one of cohesive collaboration. “For advisory and consulting services organizations like ours,” he says, “these centers allow us to share and contribute our strategic, operational, and tactical insight from the field as well as act as both sounding boards and feedback loops for best-practice implementation guidance from the HCCIC, especially for small providers that may not have in-house IT security staff.”

Real-time cybersecurity guidance to the healthcare community will surely be welcome in light of today’s constant stream of data breach announcements, which have become so banal as to no longer incite the media hysteria it first engendered a year or two ago. While it may be too much to hope the center and its collaborators can help providers, payers, and vendors stay ahead of constantly evolving cyber threats, stakeholders no doubt hope HCCIC resources will become some of the strongest defenses in their cybersecurity arsenal.

View/Print Text Only View/Print Text Only

HIStalk Featured Sponsors


Currently there is "1 comment" on this Article:

  1. It looks like, HHS is essentially attempting to duplicate the efforts and services that DHS’ NCCIC already provides. Operational divisions (CMS, FDA, CDC,..etc) already communicate to NCCIC via the HHS Computer Security and Incident Response Center (CSIRC). This duplication in manpower, technology, and services that already exists is likely just another example of Government waste and abuse. HITRUST & NH-ISAC is already the selected non-profit to share and collaborate information to the healthcare sector. Whether HCCIC can somehow replicate these efforts ‘better’ while duplicating costs is left to be determined.

Subscribe to Updates



Text Ads

Report News and Rumors

No title

Anonymous online form
Rumor line: 801.HIT.NEWS



Vince Ciotti’s HIS-tory of Healthcare IT

Founding Sponsors


Platinum Sponsors






















































Gold Sponsors
















Reader Comments

  • Code Jockey: Mr. H - this is a response to 'Really' but I'm not sure how to respond to his post. Also, this is a note for both you an...
  • Clarence: From my experience 7 years as an Epic employee and then 4+ years integrating 3rd party clinical content/software into EH...
  • meltoots: I take issue with one thing in this. The ACR AUC system is ridiculous for specialist physicians. I am a board certified ...
  • Really: Come on Code Junkie... Would any software company on the planet let you take their code, do a minor modification and ...
  • Code Jockey: Sigh.... Code Corrections - the origin of this conversation was a statement by someone that Epic clients were creating t...
  • WhatstheretoWonder: Fairly clear that the ambitions were crushed by unchecked capitalism and Republican waffling on doing the necessary chec...
  • Woodstock Generation: Re: Mr. HIStalk's response to Post-Acute Pat - Mr. HIStalk, you couldn't have said it better about today's healthcare i...
  • It'sNotYouIt'sMe: I also at some point "consented" to give my bank and credit data to Equifax. If you asked the average person when they s...
  • Michael: Re: WSJ article - "without the patient's knowledge or approval." All of the patients consent to give their DNA for resea...
  • DataPlay: If Allscripts flames out of the inpatient market, does that kill their data play as well? I know roughly who buys inpati...

RSS Industry Events

  • An error has occurred, which probably means the feed is down. Try again later.

Sponsor Quick Links