HHS Releases Healthcare Cybersecurity Best Practices

The voluntary guidance includes five current threats facing the healthcare industry and ten best practices for mitigating these threats.

The resource provides recommendations for both end users and IT professionals.

The Department of Health and Human Services (HHS) released a healthcare cybersecurity guide on Friday in an effort to create consistency in mitigating cyber threats.

The department describes the voluntary guidelines, titled ‘Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients’, as “cost-effective methods that a range of healthcare organizations at every size and resource level can use to reduce cybersecurity risks”.

The guidance consists of four different volumes that each address a different topic, including one for small healthcare organizations, one for medium and large providers, another with resources and templates for end users, and a fourth for cybersecurity best practices surrounding threats and protecting patients.

The volumes dedicated to small, medium and large healthcare organizations are geared toward IT and security professionals.

“The healthcare industry is truly a varied digital ecosystem. We heard loud and clear through this process that providers need actionable and practical advice, tailored to their needs, to manage modern cyber threats,” said Erik Decker, industry co-lead and Chief Information Security and Privacy Officer for the University of Chicago Medicine. “That is exactly what this resource delivers: recommendations stratified by the size of the organization, written for both the clinician as well as the IT subject matter expert.”

The publication was drafted following a two-year partnership with over 150 cybersecurity and healthcare experts, according to Health Data Management.

“Cybersecurity is everyone’s responsibility,” said Janet Vogel, HHS Acting Chief Information Security Officer. “It’s the responsibility of every organization working in healthcare and public health. In all of our efforts, we must recognize and leverage the value of partnerships among government and industry stakeholders to tackle the shared problems collaboratively.”

The core of the guide includes five current threats facing the industry and ten best practices for mitigating these threats.

The five current threats include:

  1. E-mail phishing attack
  2. Loss or theft of equipment or data
  3. Insider, accidental or intentional data loss
  4. Attacks against connected medical devices that may affect patient safety

The ten practices for mitigating cyber threats include:

  1. E-mail protection systems
  2. Endpoint protection systems
  3. Access management
  4. Data protection and loss prevention
  5. Asset management
  6. Network management
  7. Vulnerability management
  8. Incident response
  9. Medical device security
  10. Cybersecurity policies

The guidance also provides real-life events and statistics that explain the cost and risks cyber threats pose to patient care.

About the Author

Amy Rock is Campus Safety's senior editor. She graduated from UMass Amherst with a Bachelor’s Degree in Communications and a minor in Education.

She has worked in the publishing industry since 2011, in both events and digital marketing.
