Standardizing cyber risk assessment helps health providers close security gaps, protecting patient data and ensuring continuity of care amid rising ransomware threats.
Healthcare organizations face an escalating wave of ransomware attacks, data breaches, and supply‑chain vulnerabilities that can disrupt patient care and erode trust. While many providers have invested in point solutions, the lack of a unified, sector‑wide assessment framework has made it difficult to benchmark security posture or justify spending. ASPR’s new cybersecurity module addresses this gap by embedding a NIST CSF 2.0‑aligned questionnaire directly into the RISC 2.0 platform, offering a common language for risk evaluation across public and private entities.
The RISC 2.0 toolkit already serves as a comprehensive hazard assessment hub, enabling users to map threats, vulnerabilities, and consequences for physical, environmental, and now cyber risks. By scoring responses against HHS Cybersecurity Performance Goals, the module translates qualitative inputs into quantitative risk scores, spotlighting critical deficiencies and ranking remediation actions. This data‑driven approach empowers health systems to allocate limited cybersecurity budgets more effectively, aligning investments with the most impactful risk reduction opportunities.
For the broader health sector, the free, web‑based solution promotes collaborative risk management, allowing hospitals, health systems, and coalitions to share findings with regulators and peers. As adoption grows, the aggregated data could inform national resilience strategies and shape future policy. Ultimately, the integration of cyber risk into RISC 2.0 equips providers with a scalable, standards‑based tool to strengthen defenses, safeguard patient information, and maintain operational continuity in an increasingly hostile digital landscape.