HHS releases voluntary cybersecurity practices for health industry

(Washington, DC – Insurance News 360) – On Dec. 28, the Department of Health and Human Services (HHS) released the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication. The four volume publication, aims to provide voluntary cybersecurity practices to healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems.

This was report came from a mandate to develop practical cybersecurity guidelines to reduce risks for the industry, as part of the Cybersecurity Act of 2015 Section 405(d). The publication is an end of a two-year effort bringing together over 150 cybersecurity and healthcare experts from industry and the government under the Healthcare and Public Health (HPH) Sector Critical Infrastructure Security and Resilience Public-Private Partnership. It was the result of a true public-private partnership to better secure the nation’s health systems.

“Cybersecurity is everyone’s responsibility.  It is the responsibility of every organization working in healthcare and public health.  In all of our efforts, we must recognize and leverage the value of partnerships among government and industry stakeholders to tackle the shared problems collaboratively,” said Janet Vogel, HHS Acting Chief Information Security Officer.

Technologies that are vital to the healthcare industry and help provide life-saving treatments and improve patient care are also susceptible to attacks. They can be exploited for personal data or to shut down entire hospital systems.

“The healthcare industry is truly a varied digital ecosystem. We heard loud and clear through this process that providers need actionable and practical advice, tailored to their needs, to manage modern cyber threats. That is exactly what this resource delivers; recommendations stratified by the size of the organization, written for both the clinician as well as the IT subject matter expert.” said Erik Decker, industry co-lead and Chief Information Security and Privacy Officer for the University of Chicago Medicine.

The HICP publication aims to provide cybersecurity practices for this sector to improve the security and safety of patients. It recommends 10 Cybersecurity Practices to help mitigate these threats. It also lays out a call to action for all industry stakeholders, from C-suite executives and healthcare practitioners to IT security professionals, that protective and preventive measures must be taken now.

For more information on this effort and to download a copy of the publication, please visit the 405(d) website at www.phe.gov/405d.

Source: U.S. Department of Health and Human Services (HHS).