High Hopes for HHS Cybersecurity Center

May 8, 2017

Stakeholders react to news that HHS will launch a healthcare cybersecurity center this summer.
By @JennHIStalk

While administrations may change and legislation come and go, the need for cybersecurity across healthcare’s many verticals seems to be a constant that will remain with the industry for the foreseeable future. News that HHS will create a Healthcare Cybersecurity Communications and Integration Center this summer highlights the federal government’s commitment to helping providers, payers, vendors, and (hopefully) patients prevent data breaches that could impact patient safety.


Modeled after the Department of Homeland Security’s National Cybersecurity and Communications Integration Center, the new HHS center helps to fulfill the Cybersecurity Information Sharing Act of 2015, part of a broad initiative under the Obama administration to bolster the government’s offensive and defensive cybersecurity capabilities.

“HCCIC establishes the mechanism to provide proactive and anticipatory analysis of cyber threats to both HHS and the healthcare and public health sector,” says an HHS spokesperson. (The department declined a formal interview.) “The HCCIC will act as a clearinghouse to drive healthcare-relevant cyber indicators, briefings, and actionable intelligence to and from a wide variety of stakeholders – both public and private. HHS aims to begin initial operations this summer.”

The timing is apropos given the impending release of a report authored by the Health Care Industry Cybersecurity Task Force, a CISA-mandated group put together last spring and tasked with:

  • Analyzing how other industries have addressed cybersecurity threats.
  • Reviewing the security challenges associated with networked medical devices and software connected to EHRs.
  • Developing and circulating cybersecurity best practices.
  • Establishing a plan the government can use to freely share real-time intel regarding healthcare cybersecurity threats.

While HHS would not confirm the HCCIC will help to implement the task force’s recommendations, one can only assume that the two resources will converge to some degree. Industry stakeholders are of course eager to collaborate and benefit from the new center’s deliverables, which are yet to be fully determined.


“We are anxious to begin to see actionable data coming out of the HCCIC, including threat and vulnerability,” says Marc Probst, CIO of Intermountain Healthcare (UT), which formed a cybersecurity center last year with the University of Utah and several other partners. “The HHS goals around information sharing and analysis align perfectly with our organization and several that we are working with,” he adds. “We are anxious to contribute and develop automated feeds for the HCCIC.”

While emphasizing that long-overdue federal cybersecurity risk assessment and risk management efforts will provide good implementation guidance, Probst and his colleagues are reluctant to see cybersecurity become a compliance effort or a certification program. “Many of those currently participating are vendors or people with a product to sell,” Probst explains. “We hope the committees and chairs will seek more payer and provider participants.”


While selling a product to providers in need would surely be seen as a positive outcome for any vendor involved, Divurgent CISO Stephen Watkins sees the benefit of an HHS-sponsored cybersecurity center as one of cohesive collaboration. “For advisory and consulting services organizations like ours,” he says, “these centers allow us to share and contribute our strategic, operational, and tactical insight from the field as well as act as both sounding boards and feedback loops for best-practice implementation guidance from the HCCIC, especially for small providers that may not have in-house IT security staff.”

Real-time cybersecurity guidance to the healthcare community will surely be welcome in light of today’s constant stream of data breach announcements, which has become so banal as to no longer incite the media hysteria it first engendered a year or two ago. While it may be too much to hope the center and its collaborators can help providers, payers, and vendors stay ahead of constantly evolving cyber threats, stakeholders no doubt hope HCCIC resources will become some of the strongest defenses in their cybersecurity arsenal.

Currently there is "1 comment" on this Article:

  1. It looks like HHS is essentially attempting to duplicate the efforts and services that DHS’ NCCIC already provides. Operational divisions (CMS, FDA, CDC, etc.) already communicate to NCCIC via the HHS Computer Security and Incident Response Center (CSIRC). This duplication in manpower, technology, and services that already exists is likely just another example of Government waste and abuse. HITRUST & NH-ISAC is already the selected non-profit to share and collaborate information to the healthcare sector. Whether HCCIC can somehow replicate these efforts ‘better’ while duplicating costs is left to be determined.
