Advancing Cybersecurity Awareness in the Healthcare and Public Health Sector

The Tetra Tech Federal IT Group applies artificial intelligence (AI) and automation tools at the U.S. Department of Health and Human Services (HHS) to increase outreach within the Healthcare and Public Health (HPH) community.

Safeguarding protected health information (PHI) is a critical priority within the HHS. In 2015 Congress passed the Cybersecurity Act of 2015, Section 405(d), directing HHS to establish consensus-based guidelines, best practices, procedures, and processes to address cyber threats across the healthcare industry. To help HHS meet this mandate, the Tetra Tech Federal IT Group’s EGlobalTech guided strategic direction and executed the 405(d) Program. The campaign culminated with the creation of the “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP)” publication and accompanying initiatives to drive adoption of the practices throughout the HPH sector.

Once the HICP publication was complete, Tetra Tech contributed to strategic communications and branding efforts to build awareness of the publication and other 405(d) initiatives.

Traditional and AI Tools Layer to Reach Broad HPH Community

To craft the HICP publication, Tetra Tech initiated a 405(d) Task Group of 150 HPH stakeholders and facilitated regular meetings and focus sessions. Effective stakeholder management was critical in identifying priorities, risks, and building agreement on the pressing needs of the healthcare industry. Our team documented cyber risk mitigations developed by the task group, provided cybersecurity subject matter experts to validate the guidance proposed, and facilitated discussions to resolve conflicting perspectives throughout the drafting process.

Once the HICP publication was finalized, Tetra Tech contributed to strategic communications and branding campaign to build awareness of the publication and other 405(d) initiatives. We conducted layered outreach activities, including developing and distributing newsletters, guiding webinars, hosting town hall events, and producing social media campaigns.

Tetra Tech applied a tailored beta AI and automation tool to increase outreach with the broader HPH community. HHS recognized a need for easy-to-consume cyber risk management content to reach broader audiences. The Tetra Tech Federal IT Innovation Lab proposed a custom conversational chatbot to convey highly technical material into digestible and actionable content. HHS also would benefit from the tool’s real-time analytics to guide the chatbot learning and target audience priorities.

Tailoring the Tool and Utilizing Analytics for Insight

Tetra Tech launched a pilot program to allow rigorous testing by the 405(d) Task Group. The chatbot answered questions from members of the HPH sector about the Task Group’s mission, directed users to sections of the HICP publication, explained cybersecurity concepts, directed users on how to report cyber incidents, and explained healthcare cybersecurity acronyms.

Tetra Tech developed a guiding dashboard to monitor the performance and provide analytics and insights on the most asked questions. The dashboard showcased usage analytics, questions asked by users, the number of user inquires received, estimates on time saved by users, and the response rate of the chatbot. This information was available for subsequent tuning of the chatbot to improve its performance over time and the efficiency of making important cyber risk mitigation information available to members of the HPH community.

Tetra Tech’s support of the 405(d) Program demonstrates the power of effective stakeholder engagement, which is often overlooked in cybersecurity initiatives, and the application of AI-powered automation, a concept not commonly applied to stakeholder engagement in cybersecurity. The program continues to play a key role in the safeguarding of PHI in the HPH sector.