Data theft and ransomware attacks targeting health care organizations have increased dramatically over the past several years, disrupting patient care, safety and privacy. Your organization can prepare for and manage such risks by treating cybersecurity not as an IT issue but as part of your existing governance, risk management and business continuity framework.

The AHA has long been committed to helping hospitals and health systems defend against and deflect cyberattacks. As the cybersecurity landscape continues to evolve, we are working closely with federal agencies, the hospital field and solution providers to build trusted relationships and channels for the exchange of cyberthreat information, as well as resources to support the implementation of risk mitigation practices.

HHS Cybersecurity Performance Goals

HHS created a set of Cybersecurity Performance Goals (CPG) specifically for the Healthcare and Public Health (HPH) sector to encourage the implementation of high-impact cybersecurity practices to help organizations better prepare for and mitigate cyber threats.

These practices are designed to:

  • Better protect your hospital or health system from cyberattacks.
  • Improve response when events occur.
  • Minimize residual risk.
  • Mature and heighten your cybersecurity capabilities.
  • Ultimately, protect patient health information and safety.

The CPGs are targeted at defending against the most common tactics used by cyber adversaries to attack health care and related third parties, such as exploitation of known technical vulnerabilities, phishing emails and stolen credentials. The AHA recommends that these CPGs apply to all components of the health care sector, including third-party technology partners and business associates.

Learn more about the CPGs on the HHS Cybersecurity Performance Goals webpage. Or print the Goals.

How can AHA Help?

While escalating cyberattacks underscore the critical need for your hospital or health system to defend against malicious actors, you cannot do it alone.

That’s why the AHA is collaborating with multiple parties across the public and private sectors to support our members with cybersecurity risk mitigation.

As part of this work, the AHA established the AHA Preferred Cybersecurity Provider (APCP) program to support our members’ cybersecurity initiatives. The vetted, highly reputable and accomplished cybersecurity providers listed below have developed dedicated resources and special offerings to help you address your cybersecurity and risk mitigation challenges.

Cybersecurity Resources from AHA Partners


For all AHA-member nonprofit hospitals, three complimentary services: consultation with Google ChromeOS Healthcare Specialists, evaluation and certification of existing hardware to run ChromeOS Flex, and access to the ChromeOS Jumpstart Program.


Providing free cybersecurity assessments, including insights and recommendations on improving your hospital's cybersecurity awareness and defenses. Offer includes cybersecurity awareness and risk mitigation training for frontline and IT staff, affordable access to an advanced enterprise security product suite, and Windows 10 Extended Security Update free for one year. For independent CAHs and REHs, Microsoft will provide standard nonprofit discounts.


Four complimentary services for all AHA members to prepare for CPG compliance, including access to a submission platform, risk analysis and cyber insurance policy review. Plus a complete package of discounted pricing on Aon cyber solutions for 16 of the 20 specific Essential and Enhanced cybersecurity goals.


Complimentary CPG Compliance Starter Kit for all AHA members, which includes a tool to assess compliance, benchmark performance, implement assessments and action plans, monitor risk and report compliance.

Critical Insight

Complimentary incident response plan checkup for all AHA members, plus discounts on access to a platform, tools and professional advisory services to achieve both Essential and Enhanced cybersecurity goals.


Discount for all AHA members off the price of the Cylera platform, an advanced healthcare IoT asset intelligence and security solution that optimizes care delivery, service availability, and cyber defenses across healthcare IT, IoT, connected medical devices and building management systems.

GM Sectec

For all AHA members, a complimentary 30-day trial of ThreatWise, an early-warning ransomware detection service, plus a discount off DataPreserve, a data backup and recovery service that protects cloud-based and Office 365 data.

Learn more about the APCP program plus additional APCP providers fulfilling a range of cybersecurity needs.

