H-ISAC TLP White: HHS Releases New Voluntary Performance Goals to Enhance Cybersecurity Across the Health Sector

On January 24, 2024, the U.S. Department of Health and Human Services (HHS), through the Administration for Strategic Preparedness and Response (ASPR), released voluntary health care specific cybersecurity performance goals (CPGs) and a new gateway website to help Health Care and Public Health (HPH) sector organizations implement these high-impact cybersecurity practices and ease access to the plethora of cybersecurity resources HHS and other federal partners offer.

As outlined in the recent HHS Health Care Sector Cybersecurity concept paper, HHS is publishing the CPGs to help healthcare organizations, and healthcare delivery organizations in particular, prioritize the implementation of high-impact cybersecurity practices. The HPH CPGs are designed to protect the healthcare sector from cyberattacks better, improve response when events occur, and minimize residual risk. HPH CPGs include both essential goals to outline minimum foundational practices for cybersecurity performance and enhanced goals to encourage the adoption of more advanced practices.

View the detailed report below. 

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA


(O) +1 202 626 2272