Free HHS Cybersecurity Training Helps Physicians Guard Against Top Threats
By Sean Price

The annual number of ransomware cybersecurity attacks on U.S. clinics, hospitals, and other health care organizations doubled between 2016 and 2021, from 43 to 91, according to research published in the Journal of the American Medical Association Health Forum.  

To help address this and other cybersecurity risks, the U.S. Department of Health and Human Services (HHS) recently released a free education platform that trains physicians, health care professionals, and staff to defend against the electronic attacks they are most likely to face on the job. 

The Knowledge on Demand platform provides training on five topics identified by HHS’ Health Industry Cybersecurity Practices (HICP) as the biggest areas of concern for health care and public health:  

  • Social engineering, 
  • Ransomware, 
  • Loss or theft of equipment or data, 
  • Insider accidental or malicious data loss, and 
  • Attacks against network-connected medical devices. 

“Cyberattacks are one of the biggest threats facing our health care system today, and the best defense is prevention,” HHS Deputy Secretary Andrea Palm said in a written statement announcing the platform.  

The average cost of one data breach in health care increased from $9.23 million in 2021 to $10.10 million in 2022, a record high, according to IBM’s Cost of a Data Breach Report 2022. Health care has the highest cost per breach of any industry, followed by the financial and pharmaceutical industries.   

Each HHS training contains videos, PowerPoint presentations, software, and job aids – checklists designed to be easy reference documents for people at work. The platform also includes the most updated HICP.   

All materials can be accessed through HHS’ 405(d) cybersecurity website.  

The Texas Medical Association’s HIPAA Resource Center provides other important cybersecurity resources for physicians.

Last Updated On

May 14, 2023

Originally Published On

May 10, 2023