DHHS launches voluntary cybersecurity practices for health industry

The U.S. Department of Health and Human Services (DHHS) published a four-volume set of voluntary cybersecurity practices for the healthcare industry at the end of last year.

The publication covers healthcare environments big and small and comes as a result of two years’ work between industry and government representatives. “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” addresses the vital nature of technology to the healthcare industry, and most importantly, to its patients.

“The healthcare industry is truly a varied digital ecosystem,” said Erik Decker, industry co-lead and Chief Information Security and Privacy Officer for the University of Chicago Medicine. “We heard loud and clear through this process that providers need actionable and practical advice, tailored to their needs, to manage modern cyber threats. That is what this resource delivers; recommendations stratified by the size of the organization, written for both the clinician as well as the IT subject matter expert.”

A known problem of the modern era is that cyberattacks of varying motive and extent have repeatedly hit various sectors of the United States. DHHS seeks to fix that through 10 recommended practices and a series of incidents and statistics that show the financial and personal impacts of such cases. Technical volumes were included in the publication as well as other resources and templates.