On October 29, 2018, Deputy Secretary of the U.S. Department of Health and Human Services (HHS) Eric Hargan announced the official opening of the Health Sector Cybersecurity Coordination Center (HC3). HC3 is an operational cybersecurity center designed to support and improve the cyber defense of the Healthcare and Public Health (HPH) sector of critical infrastructure. The HPH sector is compromised of hundreds of public and private enterprises, including healthcare delivery organizations and medical device manufacturers. The HPH sector of critical infrastructure is one of 16 sectors of critical infrastructure recognized by the U.S. Department of Homeland Security as critical because the assets, systems, and networks within those sectors are so vital to the U.S. that their incapacitation or destruction would have a debilitating effect on security, national economic security, and/or national public health.
According to the HHS, the role of HC3 is to “work with the sector, including practitioners, organizations, and cybersecurity information sharing organizations to understand the threats it faces, learn the bad guys’ patterns and trends, and provide information and approaches on how the sector can better defend itself.”
HC3 replaces the Healthcare Cybersecurity and Communications Integration Center (HCCIC), which was announced in April 2017. Leaders on the House Energy and Commerce Committee raised concerns about the HCCIC, noting that stakeholders “no longer understand whether the HCCIC still exists, who is running it, or what capabilities and responsibilities it has.” HHS noted that in developing HC3, stakeholders were directly consulted in the process.
The opening of HC3 highlights a growing focus by the federal government on cybersecurity more generally, including within the HPH sector of critical infrastructure. Other agencies, including the Food and Drug Administration and Department of Homeland Security, are also focusing on cybersecurity issues within their sphere of control and influence, including entering into a new memorandum of understanding and issuing new guidance on cybersecurity issues relating to medical devices.
Dentons is the world’s largest law firm, a leader on the Acritas Global Elite Brand Index, a BTI Client Service 30 Award winner, and recognized by prominent business and legal publications for its innovations in client service, including founding Nextlaw Labs and the Nextlaw Global Referral Network. The Dentons Privacy and Cybersecurity Group operates at the intersection of technology and law, and has been singled out as one of the law firms best at cybersecurity by corporate counsel, according to BTI Consulting Group.