Skip to main content

Statement about HHS Cyber Performance Goals

January 2024
The Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) has worked with HHS, CISA and other federal agencies over the past several years to develop leading cybersecurity practices that are provided to all health organizations in the ecosystem. Today’s release of the HPH Cyber Performance Goals (CPGs) is the next iteration of that partnership. The CPGs amplify the recognition among health providers – large, medium and small – that cyber safety is patient safety, and that focused investment and accountability are imperative to inoculate our data, systems and patients against the rising epidemic of cyber-attacks on the sector. This accountability in turn must be supplemented with government and industry assistance to those under-resourced health systems that accept their cybersecurity responsibility for protecting patient safety as a national imperative but are financially and operationally constrained.

The CPGs were built to align and directly map to the Health Industry Cybersecurity Practices (HICP), a comprehensive resource jointly published in 2018 and updated in 2023 by HHS 405(d) and HSCC Cybersecurity Working Group. The CPGs, HICP, and the 25 other published HSCC toolkits and practices are living documents that will evolve with the threats. Next month HSCC will release its ambitious Five-Year Health Industry Cybersecurity Strategic Plan, forged by hundreds of healthcare leaders in consultation with our government partners. This plan provides a forward-looking formulary for how healthcare cybersecurity can upgrade from “critical” to “stable” condition by 2029.

About the Health Sector Coordinating Council Cybersecurity Working Group

The Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) is a government-recognized critical infrastructure sector council of more than 400 healthcare providers, payers, pharmaceutical, lab, public health, medical technology and health I.T. entities partnering with government to identify and mitigate cyber threats to patient care, health data and research, systems, and manufacturing. The CWG membership collaboratively develops and publishes freely-available healthcare cybersecurity best practices and policy recommendations, and produces outreach and communications programs emphasizing the imperative that Cyber Safety is Patient Safety. See


Greg Garcia, HSCC CWG Executive Director