HHS and Industry Release Voluntary Cybersecurity Practices for the Health Industry

Monday, January 21, 2019 01:46 PM

HHS, in partnership with industry, is pleased to announce the release of the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication. The four-volume publication seeks to raise awareness for executives, health care practitioners, providers, and health delivery organizations, such as hospitals. It is applicable to health organizations of all types and sizes across the industry.

This industry-led effort was in response to a mandate set forth by the Cybersecurity Act of 2015 Section 405(d), to develop practical cybersecurity guidelines to cost-effectively reduce cybersecurity risks for the health care industry. The publication marks the culmination of a two-year effort that brought together over 150 cybersecurity and health care experts from industry and the government under the Healthcare and Public Health (HPH) Sector Critical Infrastructure Security and Resilience Public-Private Partnership.

The publication consists of four volumes:

1. The Main document of the publication explores the five most relevant and current threats to the industry and recommends 10 Cybersecurity Practices to help mitigate these threats.
2. Technical Volume 1 discusses these 10 cybersecurity practices for small health care organizations. It is intended for IT and IT security professionals.
3. Technical Volume 2 discusses these 10 cybersecurity practices for medium and large health care organizations. It is intended for IT and IT security professionals
4. Resources and Templates provides additional resources and materials that organizations can leverage to develop policies and procedures as well as assess their own cybersecurity posture, through a Cybersecurity Practices Assessment Toolkit. 

For more information on this effort and to download a copy of the publication, please visit the 405(d) website at www.phe.gov/405d. To request a copy of the Toolkit, email CISA405d@hhs.gov.