U.S. flag

An official website of the Department of Health & Human Services

AHRQ: Agency for Healthcare Research and Quality
Powered by the Evidence-based Practice Centers
Evidence Reports All of EHC
Evidence Reports All of EHC

SHARE:

FacebookTwitterFacebookPrintShare

Cybersecurity Impacts on Healthcare

NOMINATED TOPIC | April 14, 2023
Download Topic Suggestion Disposition (PDF, 252.8 KB)

1. What is the decision or change (e.g., clinical topic, practice guideline, system design, delivery of care) you are facing or struggling with where a summary of the evidence would be helpful?

Seeking to improve the measurable impact of cybersecurity events (ransomware, breaches, disruptions) on the entire USA healthcare sector by demonstrating improvement of cybersecurity rating scores across all USA hospitals.

2. Why are you struggling with this issue?

I am a member of the HHS Healthcare Threat Operations Center (HTOC) where we make investments (in terms of people, processes, and equipment) and perform operations to improve cybersecurity for the USA healthcare sector including USA hospitals. I am also a staff member of CMS (Medicare HQ) with resources including a database of all USA hospitals and the ability to use a tool to quantitatively measure a cybersecurity ratings score for each USA hospital.

  • Studies are almost non-existent (one, see attached) and there is wide uncertainty about the harms to USA hospitals from cybersecurity events.
  • There is a wide variation in best practices hospitals use to protect themselves from cybersecurity events ranging from small rural hospitals to large hospital systems.
  • It is unclear how to most effectively and efficiently encourage hospitals to use best practices to protect themselves from cybersecurity event harms. We have some ideas to improve hospital cybersecurity rating scores share given some feedback from an AHRQ investigation.

3. What do you want to see changed? How will you know that your issue is improving or has been addressed?

What do you want to see changed? We would like to see the cybersecurity rating score of the USA healthcare sector, in particular hospitals, significantly improved by measuring an increased quantitative statistical (average/mode) hospital cybersecurity score.
How will you know that your issue is improving or has been addressed? By quantitatively measuring an improved average/mode hospital cybersecurity rating score across all USA Hospitals - with statistical significance (beyond error interval).

4. When do you need the evidence report?

Wed, 06/12/2024

5. What will you do with the evidence report?

An AHRQ report will be used to support investment planning decisions for Federal cybersecurity operations focused on the USA healthcare sector, particularly focused on improving the protection of USA hospitals from cybersecurity events.

Supporting Documentation

Upload Document

Research and Applications (PDF, 372 KB)

Optional Information About You

What is your role or perspective? CMS staff member (Centers for Medicare & Medicaid Services)

If you are you making a suggestion on behalf of an organization, please state the name of the organization HTOC - Healthcare Threat Operations Center

May we contact you if we have questions about your nomination? Yes

Page last reviewed June 2024
Page originally created April 2023

Internet Citation: Cybersecurity Impacts on Healthcare. Content last reviewed June 2024. Effective Health Care Program, Agency for Healthcare Research and Quality, Rockville, MD.
https://effectivehealthcare.ahrq.gov/get-involved/nominated-topics/cybersecurity

Select to copy citation