Hospital Cyber Resiliency Landscape Analysis (Health Industry and HHS 405(d) Joint Publication)

Hospital Cyber Resiliency Landscape Analysis

May 2023

Health delivery organizations across the United States have faced dramatic increases in cyber-attacks intended to cause disruption to the care continuum. In response to this growing threat, the HHS 405(d) Program conducted this Landscape Analysis, which identifies the vulnerabilities and threats most frequently resulting in damaging attacks against hospitals and assesses the hospitals’ known capabilities for preventing damaging cyber incidents.

The HPH Sector has faced dramatic increases in cyber-attacks intended to cause disruption to the care continuum. In response to this growing threat, the HHS 405(d) Program conducted Landscape Analysis, which reviewed active threats attacking hospitals and the cybersecurity capabilities of hospitals operating in the United States.

The Landscape Analysis conducted a deeper investigative study into both the methods that cyber adversaries are using to compromise US hospitals, disrupt operations and extort for financial gain. It then benchmarked these results to specific practices of the Health Industry Cybersecurity Practices (HICP) in order to outline the most meaningful protections to these specific threats.