Resource Available: Health Sector Cybersecurity Coordination Center (HC3)

Date: April 21, 2022

Resource Available: Health Sector Cybersecurity Coordination Center (HC3)

The U.S. Department of Health and Human Services is grateful for the opportunity to introduce the Health Sector Cybersecurity Coordination Center (HC3) and its initiative to improve operational resiliency in rural health throughout America.

HC3 aids in the protection, coordination, and sharing of actionable cybersecurity information to the Healthcare and Public Health (HPH) sector.  HC3 was established in response to the Cybersecurity Information Sharing Act of 2015, a federal law mandated to “improve the cybersecurity in the U.S. through enhanced sharing of information about cybersecurity threats, and for other purposes.”  HC3 develops vulnerability and cyber-attack mitigation resources and fosters HPH sector collaboration and partnerships.

Role

HC3 is an important element of the U.S. Department of Health and Human Services’ focus on cybersecurity collaboration with the HPH sector.  HC3 helps to identify, correlate, and communicate cybersecurity information across the HPH sector and connected communities.  HC3 actively collaborates with a variety of public and private HPH organizations and connected critical infrastructure stakeholders to understand threats, learn adversaries’ patterns and trends, provide the sector with actionable information and intelligence, and recommended approaches to improve defense and operational resiliency.  HC3 facilitates access to knowledge-based resources necessary to support robust cybersecurity programs, mitigate damage in security breach situations, and, via the HHS Office of Inspector General (HHS-OIG), contact victims and owners of vulnerable systems.

Products

HC3 develops and presents unclassified, knowledge-based resources (i.e. alerts, briefings, and whitepapers) with agency/sector-wide participation, geared towards addressing active cybersecurity threats and promoting and increasing HPH sector cyber knowledge.  These products are presented in regular webinars and distributed via the HC3 website and via public and private partners.

Collaborative Initiatives

HC3 collaborates with public and private partners, including individual HPH organizations, critical infrastructure or healthcare specific cooperatives and communities, law enforcement fusion centers, and federal partners (e.g. Department of Energy, Cybersecurity and Infrastructure Security Agency (CISA), Federal Emergency Management Agency, Federal Bureau of Investigation, and more).  Recent initiatives include:

  1. Collaborating with CISA and individual HPH organizations on tabletop exercises, which endeavor to improve reactions to cyber/physical threats and highlight opportunities for risk mitigation.
  2. Collaborating with rural health organizations to better understand and address novel risks and threats.

And, on that topic, as you’re aware, rural healthcare is a critical element serving rural communities throughout the nation.  The risk and threat of cyber-attack on rural healthcare may impact communities more than would similar attacks in urban areas, where there are more alternatives to support a loss of services.  HC3 is here to help, to collaborate and cooperate, to share intelligence, resources, and connections. 

Please reach out to connect, collaborate, and engage.