HHS Cybersecurity Task Force Recommendations
Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP), the primary publication of the Cybersecurity Act of 2015, Section 405(d) Task Group, aims to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the sector. It seeks to aid healthcare and public health organizations to develop meaningful cybersecurity objectives and outcomes. The publication includes a main document, two technical volumes, and resources and templates.
- Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP): The HICP examines cybersecurity threats and vulnerabilities that affect the healthcare industry. It explores (5) current threats and presents (10) practices to mitigate those threats.
- Technical Volume 1: Cybersecurity Practices for Small Health Care Organizations: Technical Volume 1 discusses the ten Cybersecurity Practices along with Sub-Practices for small health care organizations.
- Technical Volume 2: Cybersecurity Practice for Medium and Large Health Care Organizations: Technical Volume 2 discusses the ten Cybersecurity Practices along with Sub-Practices for medium and large health care organizations.
- Resources and Templates: The Resources and Templates portion includes a variety of cybersecurity resources and templates for end users to reference.
HICP outlines a common set of voluntary, consensus-based, and industry-led guidelines, best practices, methodologies, procedures, and processes to achieve three core goals:
- Cost-effectively reduce cybersecurity risks for a range of health care organizations
- Support the voluntary adoption and implementation of its recommendations
- Ensure, on an ongoing basis that content is actionable, practical, and relevant to health care stakeholders of every size and resource level
The publication reviews mitigation strategies for the current most impactful cybersecurity threats:
- E-mail phishing attacks
- Ransomware attacks
- Loss or theft of equipment or data
- Insider, accidental or intentional data loss
- Attacks against connected medical devices that may affect patient safety
Included with today’s notice is an example policy related to responding to cyber-attacks.
Want to read the full alert and receive alert emails?