
Proposed $1.4B to Help Hospitals Improve Their Cybersecurity

Biden’s 2025 Proposed $7.3 trillion Budget: $1.4B to Help Hospitals Improve Their Cybersecurity

President Biden recently unveiled the draft 2025 budget, which allocates $1.3B in funding for hospitals to implement the Department of Health and Human Services (HHS) cybersecurity goals, and $144MM for the HHS to bolster their own security measures.

Biden’s focus on aiding hospitals in tackling cybersecurity challenges stems from the escalating prevalence of cyber incidents within the healthcare sector and the potential disruptions these attacks can inflict on patient care. From 2018 to 2022, there was a 93% surge in large breaches reported to the HHS, with a 278% increase in large breaches involving ransomware. Such incidents have led to prolonged care interruptions, patient diversions to other facilities, and delayed medical procedures, all of which jeopardize patient safety.

The $1.3B allocated for hospital support is divided into two main categories: $800MM is designated for “high-need, low-resourced” hospitals to cover the upfront costs of meeting HHS goals, and $500MM is set aside as incentives for all hospitals to adopt these goals.

To fully appreciate the significance of this $1.4B in proposed funding aimed at enhancing cybersecurity in healthcare, it’s crucial to understand the key components of the HHS cybersecurity strategy.

This blog will explore the HHS plan to address cybersecurity, how the proposed funding will enable the HHS to execute its strategy, and what the budget means for vendor risk management in hospitals.

What is the HHS Plan to Address Cybersecurity Challenges for Hospitals?

In December 2023, the HHS released a concept paper outlining their strategy to help healthcare organizations manage cybersecurity more effectively.

The concept paper identifies the four pillars for action, which we discussed in more detail in a previous blog:

  • Establishing voluntary cybersecurity goals for the healthcare sector: HHS will publish Healthcare and Public Health Sector-specific Cybersecurity Performance Goals (HPH CPGs).
  • Providing resources to incentivize implementation of these cybersecurity practices: HHS will work with Congress to create mechanisms that encourage hospitals to invest in HPH CPGs.
  • Implementing an HHS-wide strategy to support greater enforcement and accountability: With increasing cyber risks at hospitals, HHS envisions a future where all hospitals are required to meet sector-specific CPGs.
  • Expanding and maturing the one-stop shop within HHS for healthcare cybersecurity: HHS aims to enhance its cybersecurity support function to better facilitate access to Federal Government support and services.

While the concept paper was an important initial step, several key issues needed clarification for the HHS to effectively implement this strategy, such as the release of the HPH CPGs and clarity on the available funding to incentivize hospitals to adopt HPH CPGs.

What Key Priorities Does the HHS Want Hospitals to Address?

In January 2024, a month after publishing the initial concept paper, the HHS provided more details on the HPH CPG, outlining two types of goals:

  • Essential Goals: Intended to help healthcare organizations address common vulnerabilities by establishing a baseline for safeguards against cyberattacks.
  • Enhanced Goals: Aimed at helping organizations improve their defenses to a more advanced level.

Essential Goals include:

  • Mitigating Known Vulnerabilities
  • Email Security
  • Multifactor Authentication
  • Basic Cybersecurity Training
  • Strong Encryption
  • Revoking Credentials for Departing Workforce Members
  • Basic Incident Planning and Preparedness
  • Unique Credentials
  • Separating User and Privileged Accounts
  • Vendor/Supplier Cybersecurity Requirements

Enhanced Goals include:

  • Asset Inventory
  • Third Party Vulnerability Disclosure
  • Third Party Incident Reporting
  • Cybersecurity Testing
  • Cybersecurity Mitigation
  • Detect and Respond to Relevant Threats and Tactics, Techniques, and Procedures
  • Network Segmentation
  • Centralized Log Collection
  • Centralized Incident Planning and Preparedness
  • Configuration Management

What Does the Budget Mean for Vendor Risk Management?

One of the major challenges hospitals currently face is effectively managing vendor risk. The release of the budget coincides with the healthcare sector grappling with the aftermath of the Change Healthcare data breach. Change Healthcare, a key player in hospital claims processing and payments, processes over 15 billion claims annually. This breach has caused severe operational disruptions, affecting hospitals’ ability to provide patient care and pharmacies’ capacity to administer prescriptions.

This incident underscores the critical role of third parties in the healthcare ecosystem and highlights the importance of effective vendor risk management. Recognizing this, the HHS has made vendor risk management an Essential Goal in their HPH CPG. $800M of the funding is aimed at supporting “high-need, low-resourced” hospitals in implementing vendor risk management programs, while $500M will incentivize other hospitals to adopt similar programs.

How ProcessBolt Can Help

ProcessBolt offers a fully integrated, AI-driven vendor risk management platform that can help hospitals manage vendor risk effectively and efficiently. Our AI-driven platform uniquely enables healthcare organizations to assess and continuously monitor their vendor networks. For hospitals that may lack the resources to manage vendor risk internally, we also offer fully outsourced managed services.

More information will be shared in the coming months about the distribution mechanics of this funding to hospitals for implementing these goals. In the meantime, get in touch with us today to learn more about how we can assist you in successfully implementing this Essential Goal.
