The Administration for Strategic Preparedness and Response (ASPR) has introduced a new cybersecurity module within the Risk Identification and Site Criticality (RISC) 2.0 Toolkit.
RISC 2.0 is a free, web-based platform where organizations can conduct risk assessments by identifying threats, assessing vulnerabilities, determining consequences and criticality, and sharing findings with stakeholders.
Local health departments (LHDs) rely on digital systems to deliver essential services, manage sensitive health data, coordinate emergency response, and communicate with partners and communities. A cyber incident can disrupt operations, compromise patient and community trust, and delay critical public health actions—especially during emergencies when timely information and continuity of services are vital. NACCHO recognizes that strengthening cyber resilience is not just an IT issue, but a core component of preparedness and the ability of LHDs to safeguard the health and well-being of the communities they serve.
About the RISC 2.0 Cybersecurity Module
The new cybersecurity module guides users through a series of questions about their policies and practices, scoring responses against the NIST Cybersecurity Framework 2.0 and HHS Cybersecurity Performance Goals. This objective, standards-based approach helps organizations identify critical gaps, prioritize investments, and make informed decisions about risk mitigation. When health care organizations have the means to identify risks and vulnerabilities, they can implement strategies that minimize disruptions to patient care and strengthen preparedness and resilience. Currently, more than 3,500 Health Systems are using the RISC Tool.
ASPR is hosting a webinar on the new RISC 2.0 Cybersecurity Module on Monday, March 30, 2:00-3:00 PM EST. Click here to learn more and register.
HHS is the Sector Risk Management Agency (SRMA) for the Health Care and Public Health Sector and ASPR coordinates HHS SRMA activities and provides guidance and support to public and private partners to help enhance cybersecurity.
Click here to learn more about RISC 2.0, the cyber module, or implementing this resource at your health department.
