Biden admin rolls out cybersecurity toolkit for health care

Driving the news: Top officials from the Health and Human Services Department and the Cybersecurity and Infrastructure Security Agency (CISA) said Wednesday they have been working to better coordinate and clarify industry guidance.

• They jointly released the toolkit that includes ways for the health sector to mitigate risk, such as vulnerability scanning, best practices, and a framework for accessing and improving cyber resiliency.
• It's part of a broader set of tools HHS has been releasing over the last year to help improve cyber hygiene across the sector, said HHS Deputy Secretary Andrea Palm.
• "In cyber, it's hospitals that are on the front lines," said Nick Leiserson of the White House's Office of the National Cyber Director during a roundtable with industry leaders on Wednesday.

Between the lines: This year alone, CISA said it provided pre-ransomware notifications to roughly 65 U.S. health care organizations to stop ransomware encryption and warn entities of early-stage ransomware activity.

• Industry cybersecurity experts have raised alarm over health care's cyber defenses, noting how often health systems had to pay ransoms or sustain massive losses after their computer systems were crippled.

• Smaller health systems are often outgunned compared to larger ones, experts say. But even IT experts at large health systems find themselves confounded by a patchwork of regulations and guidance from state and federal agencies.

The intrigue: Palm mentioned an interesting tactic HHS has also employed in aiding health systems under an attack: It's played matchmaker with peer organizations that have been attacked before.

• The idea, she said, is "that they're not learning all of this from scratch in this fire drill, but that they've got sort of a peer partner that they can talk to about how they've navigated through it," Palm said.