State policy trends in cybersecurity and public health preparedness
Cybersecurity is an increasingly important component of public health preparedness as state cybersecurity policy intersects with public health agency responsibilities. Public health agencies rely on interconnected digital systems and critical infrastructure for disease surveillance, laboratory reporting, emergency communications, and health data management, making cybersecurity critical to maintaining these functions. Beyond compromising sensitive data and potentially harming patients, cyber incidents can disrupt essential public health services, including emergency response operations.
Health care data breaches have steadily increased over the last 15 years, highlighting growing risks for government and health systems. A recent report showed that more than 7,000 health care data breaches were reported to the Department of Health and Human Services since 2009, and reported HIPAA data breaches in 2023 were nearly double the number recorded in 2018. Meanwhile, preparedness capacity has lagged: as of 2022, only 13% of local health departments reported being prepared for cyber-related disruptions, and recent scans show cybersecurity is rarely included in emergency preparedness planning.
In response at the federal level, HHS recently announced it is undoing a 2024 reorganization by returning department-wide technology responsibilities to the Office of the Chief Information Officer while refocusing the Office of the National Coordinator for Health Information Technology on improving nationwide health IT interoperability and data sharing.
Read more at ASTHO