Cybersecurity

HLC is compiling input from cyber experts across the healthcare industry to inform the development of legislation and regulations to strengthen federal cybersecurity. Our efforts help define appropriate incident reporting and provide restoration and resiliency recommendations.

Background

The Issue

Cyberattacks in the healthcare sector are increasing at an alarming rate, with devastating consequences for patient care, supply chains, and critical infrastructure. Bad actors target healthcare organizations to steal, alter, or destroy sensitive data and force critical systems offline, leading to widespread disruption. These attacks jeopardize patient safety and impose significant financial and operational burdens on healthcare organizations.

Policy Solutions

HLC supports a comprehensive cybersecurity strategy that aligns incentives, strengthens industry best practices, and ensures an effective federal response. Policies should streamline reporting, promote collaboration, and safeguard healthcare organizations while minimizing compliance burdens.

The following policy recommendations would enhance cybersecurity defenses, reduce vulnerabilities, and foster greater public-private coordination to address evolving threats.

Enhance Public-Private Partnerships to Improve Resilience

Public and private-sector collaboration is essential to prevent, mitigate, and respond to cyber threats. HLC recommends identifying public-sector obligations, centralizing federal communication and coordination, and encouraging regular joint response exercises.

Bolster Investment to Strengthen Infrastructure

Less integrated, rural, and smaller healthcare organizations often lack resources to modernize outdated systems. Federal support is essential to ensure healthcare entities can upgrade their defenses. HLC recommends enhancing infrastructure and cybersecurity readiness, and preventing exploitation of known vulnerabilities.

Align Incentives and Safeguard Organizations Complying with Best Practices

Impractical timelines, duplicative requirements, and prescriptive methods add uncertainty in attaining best practices. To encourage timely reporting and proactive mitigation, organizations need protection from liability and reputational harm. HLC recommends encouraging transparency through incentives and protecting compliant organizations from undue risk.

Facilitate Cybersecurity Education and Workforce Training

Healthcare providers need ongoing education and training to stay ahead of evolving threats and adopt best practices in cybersecurity. HLC recommends supporting a skilled, cyber-aware healthcare workforce and promoting career development in cybersecurity.

HLC Report

Cybersecurity in Healthcare: Defining Private and Public Sector Responsibility

As life-threatening and financially crippling cyberattacks increase, a new report from HLC and HLC’s Confidentiality Coalition proposes a collaborative public-private framework to safeguard the healthcare system.

About

HLC is the only group in Washington that unites healthcare CEOs and leaders across all sectors to shape policy that strengthens the system and improves care.