Healthcare Cyber Exercise: National ‘Operation Vital Signs’ Test Planned

The healthcare sector is bracing for a comprehensive cybersecurity assessment this summer with “Operation Vital Signs,” a two-day virtual exercise co-hosted by the Health Sector Coordinating Council’s Cybersecurity Working Group (CWG) and Health-ISAC. Scheduled for July 21-22, the exercise aims to identify vulnerabilities in incident response and recovery protocols across the sprawling landscape of American healthcare, from hospitals and clinics to pharmaceutical companies and public health agencies. As cyberattacks against healthcare organizations continue to rise in frequency and sophistication, this national drill represents a proactive step toward bolstering the sector’s defenses and safeguarding patient safety.

The increasing reliance on digital infrastructure within healthcare—electronic health records, connected medical devices and telehealth platforms—has simultaneously improved patient care and expanded the attack surface for malicious actors. Ransomware attacks, in particular, have grow a significant threat, disrupting critical services and potentially endangering lives. A 2023 report by the U.S. Department of Health and Human Services (HHS) highlighted the escalating financial and operational impact of cyberattacks on healthcare providers, noting a substantial increase in reported incidents and associated costs. The HHS Cybersecurity Strategy emphasizes the demand for a coordinated, sector-wide approach to cybersecurity, and Operation Vital Signs is a direct response to that call.

Simulating a Real-World Cyber Incident

Operation Vital Signs isn’t a theoretical tabletop exercise; it’s designed to simulate a realistic cyber incident impacting critical functions and patient care. Participants will engage in two half-day sessions on a virtual platform, focusing on the collective impact of a large-scale attack, the coordination required between organizations, the effective sharing of resources, and the seamless flow of information during a crisis. The exercise will challenge participants to navigate the complexities of a rapidly evolving threat landscape and test their ability to respond effectively under pressure. According to Greg Garcia, Executive Director at Health Sector Coordinating Council Cybersecurity Working Group, the exercise will focus on enterprise and cross-sector response and recovery. Garcia announced the exercise on LinkedIn, emphasizing the importance of a unified approach to cybersecurity in the health sector.

The CWG, representing over 480 healthcare organizations, is specifically calling for personnel involved in cyber incident response, crisis and continuity operations, recovery planning, and external coordination to participate. This includes individuals responsible for leading these efforts within hospitals, health systems, payers, pharmaceutical companies, medical technology firms, health IT vendors, and public health agencies. Participants will be asked to complete pre- and post-exercise surveys, providing valuable data that will inform a publicly released report summarizing the findings and outcomes. This report will serve as a crucial resource for the entire sector, identifying areas for improvement and guiding future cybersecurity investments.

Who Should Participate?

The scope of Operation Vital Signs is intentionally broad, encompassing all entities within the public health sector. This inclusive approach recognizes that a successful cybersecurity strategy requires collaboration across the entire ecosystem. Specifically, the following organizations are encouraged to participate:

  • Healthcare Providers: Hospitals, clinics, physician practices, and other direct patient care facilities.
  • Payers: Health insurance companies and managed care organizations.
  • Pharmaceutical and Laboratory Companies: Organizations involved in the research, development, and manufacturing of pharmaceuticals and diagnostic tests.
  • Medical Technology Firms: Companies that produce medical devices, equipment, and software.
  • Health IT Vendors: Providers of electronic health record systems, telehealth platforms, and other health information technology solutions.
  • Public Health Agencies: Local, state, and federal agencies responsible for protecting and improving public health.
  • Government Agencies: Federal agencies involved in healthcare and cybersecurity.

The Growing Threat to Healthcare Cybersecurity

The healthcare industry has become a prime target for cybercriminals due to the sensitive nature of patient data and the potential for significant financial gain. Protected Health Information (PHI) is highly valuable on the black market, and healthcare organizations are often willing to pay ransoms to regain access to critical systems and avoid data breaches. According to the HIPAA Journal, there were 725 healthcare data breaches reported in 2023, exposing over 51 million patient records. These statistics underscore the urgent need for enhanced cybersecurity measures.

Beyond ransomware, healthcare organizations face a range of cyber threats, including phishing attacks, malware infections, and denial-of-service attacks. The increasing use of Internet of Medical Things (IoMT) devices—connected medical devices such as insulin pumps, pacemakers, and monitoring systems—also introduces new vulnerabilities. These devices often lack robust security features and can be exploited by attackers to gain access to sensitive data or disrupt patient care. The Food and Drug Administration (FDA) has issued guidance to medical device manufacturers on cybersecurity best practices, but the implementation of these recommendations remains a challenge.

Operation Vital Signs: A Proactive Approach

Operation Vital Signs represents a proactive approach to addressing these challenges. By simulating a real-world cyber incident, the exercise will help organizations identify weaknesses in their security posture, test their incident response plans, and improve their coordination with other stakeholders. The publicly released report will provide valuable insights into the current state of healthcare cybersecurity and inform future efforts to strengthen the sector’s defenses. The exercise is designed to be a learning experience for all participants, fostering a culture of continuous improvement and collaboration. Registration for Operation Vital Signs is currently open through Health-ISAC’s community portal.

The Health Information Sharing and Analysis Center (Health-ISAC) plays a critical role in facilitating information sharing and collaboration among healthcare organizations. Established in 2003, Health-ISAC serves as a trusted source of threat intelligence and best practices, helping members to proactively defend against cyberattacks. The organization provides a platform for members to share information about emerging threats, vulnerabilities, and incidents, enabling a collective response to the evolving cyber landscape.

Looking Ahead: Strengthening Healthcare Cybersecurity

Operation Vital Signs is just one piece of a larger effort to strengthen healthcare cybersecurity. Ongoing investments in cybersecurity infrastructure, training, and awareness are essential. Collaboration between government, industry, and academia is also crucial. The HHS Cybersecurity Strategy outlines a comprehensive framework for improving cybersecurity across the healthcare sector, focusing on four key pillars: threat intelligence, incident prevention, response and recovery, and workforce development.

The success of Operation Vital Signs will depend on the active participation of healthcare organizations across the country. By taking part in this exercise, organizations can demonstrate their commitment to protecting patient data and ensuring the continuity of care. The findings from the exercise will undoubtedly inform future cybersecurity strategies and help to build a more resilient healthcare system. The public report summarizing the exercise’s outcomes is expected to be released in the fall of 2026, providing a valuable resource for the entire healthcare community.

The next key date to watch is the release of the Operation Vital Signs public report, anticipated in Fall 2026. This report will offer critical insights into the healthcare sector’s cybersecurity preparedness. I encourage readers to share their thoughts on the importance of cybersecurity in healthcare in the comments below and to share this article with their colleagues.

Leave a Comment