Subscribe To Our Daily Enewsletter:

HHS Releases Voluntary Healthcare Cybersecurity Practices

The U.S. Department of Health and Human Services (HHS) last Friday released a four volume set of voluntary cybersecurity practices to help healthcare organizations ranging from local clinics to large hospital systems deal with the menacing threats hackers pose.

HHS’s Janet Vogel

Some 150 cybersecurity and healthcare experts from HHS and the private sector collaborated over two years to compile the publication, which was mandated by the Cybersecurity Act of 2015. The end goal was to develop practical cybersecurity guidelines to cost-effectively reduce cybersecurity risks for the healthcare industry. Officials called the initiative a “true public-private partnership to better secure the nation’s health systems.”

Material in the documents ranges from an overview of the threat landscape to specific cybersecurity practices for small, medium and large organizations. A volume of resources and templates is also included and a toolkit to help organizations prioritize threats and develop their own action plans is in development.

“Cybersecurity is everyone’s responsibility,” said Janet Vogel, HHS Acting Chief Information Security Officer. “In all of our efforts, we must recognize and leverage the value of partnerships among government and industry stakeholders to tackle the shared problems collaboratively.”

Here are the four documents:

Cybersecurity Practices Assessments Toolkit: This tool, still in development, is designed to help organizations prioritize their cyber threats and develop their own action plans using the assessment methodology outlined in the Resources and Templates volume.

“We heard loud and clear through this process that providers need actionable and practical advice, tailored to their needs, to manage modern cyber threats,” said Erik Decker, the University of Chicago Medicine’s industry co-lead and chief information security and privacy officer.

Return Home

No Comments

Leave a Reply

Your email address will not be published. Required fields are marked *