March 12, 2026
HHS Releases Cybersecurity Toolkit
The Administration for Strategic Preparedness and Response (ASPR), a division of the U.S. Department of Health and Human Services, is introducing a new cybersecurity module within the Risk Identification and Site Criticality (RISC) 2.0 Toolkit.
“Cyber threats are growing more sophisticated. This module is the latest addition to our toolkit of resources to assist our health care and public health partners in preventing the disruption of patient care and strengthening national health security,” says ASPR Principal Deputy Assistant Secretary John Knox. “We must acknowledge that cyber safety is patient safety and that cyber threats can cause cascading problems across the health care industry. The new cybersecurity module will help our partners understand what is needed to strengthen their resilience.
RISC 2.0 is a free, web-based platform where organizations can conduct risk assessments by identifying threats, assessing vulnerabilities, determining consequences and criticality, and sharing findings with stakeholders. Currently more than 3,500 Health Systems are using the RISC Tool.
The new cybersecurity module guides users through a series of questions about their policies and practices, scoring responses against the NIST Cybersecurity Framework 2.0 and HHS Cybersecurity Performance Goals. This objective, standards-based approach helps organizations identify critical gaps, prioritize investments, and make informed decisions about risk mitigation. When health care organizations have the means to identify risks and vulnerabilities, they can implement strategies that minimize disruptions to patient care and strengthen preparedness and resilience.
Click Here to Learn More
Click Here to Access RISC Toolkit 2.0
Click Here to Access the NIST Cybersecurity Framework 2.0