Home » News » Currently Reading:

High Hopes for HHS Cybersecurity Center

May 8, 2017 News 1 Comment

Stakeholders react to news that HHS will launch a healthcare cybersecurity center this summer.
By @JennHIStalk

While administrations may change and legislation come and go, the need for cybersecurity across healthcare’s many verticals seems to be a constant that will remain with the industry for the foreseeable future. News that HHS will create a Healthcare Cybersecurity Communications and Integration Center this summer highlights the federal government’s commitment to helping providers, payers, vendors, and (hopefully) patients prevent data breaches that could impact patient safety.


Modeled after the Department of Homeland Security’s National Cybersecurity and Communications Integration Center, the new HHS center helps to fulfill the Cybersecurity Information Sharing Act of 2015, part of a broad initiative under the Obama administration to bolster the government’s offensive and defensive cybersecurity capabilities.

“HCCIC establishes the mechanism to provide proactive and anticipatory analysis of cyber threats to both HHS and the healthcare and public health sector,” says an HHS spokesperson. (The department declined a formal interview.) “The HCCIC will act as a clearinghouse to drive healthcare-relevant cyber indicators, briefings, and actionable intelligence to and from a wide variety of stakeholders – both public and private. HHS aims to begin initial operations this summer.”

The timing is apropos given the impending release of a report authored by the Health Care Industry Cybersecurity Task Force, a CISA-mandated group put together last spring tasked with:

  • Analyzing how other industries have addressed cybersecurity threats.
  • Reviewing the security challenges associated with networked medical devices and software connected to EHRs.
  • Developing and circulating cybersecurity best practices.
  • Establishing a plan the government can use to freely share real-time intel regarding healthcare cybersecurity threats.

While HHS would not confirm the HCCIC will help to implement the task force’s recommendations, one can only assume that the two resources will converge to some degree. Industry stakeholders are of course eager to collaborate and benefit from the new center’s deliverables, which are yet to be fully determined.


“We are anxious to begin to see actionable data coming out of the HCCIC, including threat and vulnerability,” says Marc Probst, CIO of Intermountain Healthcare (UT), which formed a cybersecurity center last year with the University of Utah and several other partners. “The HHS goals around information sharing and analysis align perfectly with our organization and several that we are working with,” he adds. “We are anxious to contribute and develop automated feeds for the HCCIC.”

While emphasizing that long-overdue federal cybersecurity risk assessment and risk management efforts will provide good implementation guidance, Probst and his colleagues are reluctant to see cybersecurity become a compliance effort or a certification program. “Many of those currently participating are vendors or people with a product to sell,” Probst explains. “We hope the committees and chairs will seek more payer and provider participants.”


While selling a product to providers in need would surely be seen as a positive outcome for any vendor involved, Divurgent CISO Stephen Watkins sees the benefit of an HHS-sponsored cybersecurity center as one of cohesive collaboration. “For advisory and consulting services organizations like ours,” he says, “these centers allow us to share and contribute our strategic, operational, and tactical insight from the field as well as act as both sounding boards and feedback loops for best-practice implementation guidance from the HCCIC, especially for small providers that may not have in-house IT security staff.”

Real-time cybersecurity guidance to the healthcare community will surely be welcome in light of today’s constant stream of data breach announcements, which have become so banal as to no longer incite the media hysteria it first engendered a year or two ago. While it may be too much to hope the center and its collaborators can help providers, payers, and vendors stay ahead of constantly evolving cyber threats, stakeholders no doubt hope HCCIC resources will become some of the strongest defenses in their cybersecurity arsenal.

View/Print Text Only View/Print Text Only

HIStalk Featured Sponsors


Currently there is "1 comment" on this Article:

  1. It looks like, HHS is essentially attempting to duplicate the efforts and services that DHS’ NCCIC already provides. Operational divisions (CMS, FDA, CDC,..etc) already communicate to NCCIC via the HHS Computer Security and Incident Response Center (CSIRC). This duplication in manpower, technology, and services that already exists is likely just another example of Government waste and abuse. HITRUST & NH-ISAC is already the selected non-profit to share and collaborate information to the healthcare sector. Whether HCCIC can somehow replicate these efforts ‘better’ while duplicating costs is left to be determined.

Subscribe to Updates



Text Ads

Report News and Rumors

No title

Anonymous online form
Rumor line: 801.HIT.NEWS



Founding Sponsors


Platinum Sponsors
























































Gold Sponsors

















Reader Comments

  • Vaporware?: JTR, Cerner is re-tooling itself from a software company (sic) into a service company. The company needs a place to put ...
  • Dave Butler: Many similar issues that I've found as well during my time with provider groups. The EHRs screen can be really busy and ...
  • Justa Trench Rat: Nice to see Cerner continuing with their new campus. I am sure our implementation of their highly questionable revenue ...
  • FRANK POGGIO: Shows to go ya...answering black and white Jeopardy questions is a far cry from the massive grey area of medicine/pharma...
  • Number Cruncher: You are right AC. The cost is seriously underestimated here. Just looking at the numbers - $1 B for 5 years = $200 M ...
  • Abraham Van Helsing: Re Theranos. Will be interesting to follow the saga. As I and others had noted going back 2+ years, something was obvi...
  • Prof. Moriarty: Re: Watson pull out. I've not been directly involved with this product, but from its beginning I have always seen Watso...
  • mih: Of course they can, and for much much cheaper. But why would they do it? Existing arrangement works for everyone in the ...
  • Andrew M. Harrison: Thanks for (actually) reading our paper. I enjoyed the story of your friend, as well as the translation of numbers to em...
  • Mike: I would love to see this type of discussion around Blockchain. It is being hyped heavily currently. Yet, I wonder how we...

RSS Industry Events

  • An error has occurred, which probably means the feed is down. Try again later.

Sponsor Quick Links