New cyber module strengthens risk planning for health organizations

The Administration for Strategic Preparedness and Response’s (ASPR) new cybersecurity module in the Risk Identification and Site Criticality (RISC) 2.0 Toolkit helps organizations identify critical gaps, prioritize investments, and make informed decisions about risk mitigation to reduce disruptions to patient care and strengthen resilience.

Healthcare leaders identified cloud-related threats, quantum computing risks, and attacks on connected products as the three areas where they feel least prepared.

“Cyber threats are growing more sophisticated. This module is the latest addition to our toolkit of resources to assist our health care and public health partners in preventing the disruption of patient care and strengthening national health security,” John Knox, ASPR Principal Deputy Assistant Secretary, explained.

“We must acknowledge that cyber safety is patient safety and that cyber threats can cause cascading problems across the health care industry. The new cybersecurity module will help our partners understand what is needed to strengthen their resilience and we strongly encourage them to take advantage of it,” Knox continued.

The module guides users through a series of questions about their policies and practices, scoring responses against the NIST CSF 2.0 and HHS Cybersecurity Performance Goals. This allows facilities, health systems, and coalitions to assess cyber risk alongside other hazards in a unified platform. Users can complete the questionnaire independently or with support from needed risk assessments.

RISC 2.0 is a free, web-based tool that enables organizations to conduct risk assessments by identifying threats, assessing vulnerabilities, determining consequences and criticality, and sharing findings with stakeholders. More than 3,500 health systems are already using the RISC 2.0 Toolkit.