On Dec. 28, the Department of Health and Human Services (HHS) released the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication. The four volume publication, aims to provide voluntary cybersecurity practices to healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems.
The industry-led effort was in response to a mandate set forth by the Cybersecurity Act of 2015 Section 405(d), to develop practical cybersecurity guidelines to cost-effectively reduce cybersecurity risks for the healthcare industry. The publication marks the culmination of a two-year effort that brought together over 150 cybersecurity and healthcare experts from industry and the government under the Healthcare and Public Health (HPH) Sector Critical Infrastructure Security and Resilience Public-Private Partnership. It was the result of a true public-private partnership to better secure the nation’s health systems.
For more information on this effort and to download a copy of the publication, please visit the 405(d) website at www.phe.gov/405d.