HHS Releases Healthcare Cybersecurity Best Practices

The voluntary guidance includes five current threats facing the healthcare industry and ten best practices for mitigating these threats.

HHS Releases Healthcare Cybersecurity Best Practices

The resource provides recommendations for both end users and IT professionals.

The Department of Health and Human Services (HHS) released a healthcare cybersecurity guide on Friday in an effort to create consistency in mitigating cyber threats.

The department describes the voluntary guidelines, titled ‘Health Industry Cybersecurity Practices: Managing Threats and Protection Patients’, as “cost-effective methods that a range of healthcare organizations at every size and resource level can use to reduce cybersecurity risks”.

The guidance consists of four different volumes that each address a different topic, including one for small healthcare organizations, one for medium and large providers, another with resources and templates for end users, and a fourth for cybersecurity best practices surrounding threats and protecting patients.

The volumes dedicated to small, medium and large healthcare organizations are geared toward IT and security professionals.

“The healthcare industry is truly a varied digital ecosystem. We heard loud and clear through this process that providers need actionable and practical advice, tailored to their needs, to manage modern cyber threats,” said Erik Decker, industry co-lead and Chief Information Security and Privacy Officer for the University of Chicago Medicine. “That is exactly what this resource delivers: recommendations stratified by the size of the organization, written for both the clinician as well as the IT subject matter expert.”

The publication was drafted following a two-year partnership with over 150 cybersecurity and healthcare experts, according to Health Data Management.

“Cybersecurity is everyone’s responsibility,” said Janet Vogel, HHS Acting Chief Information Security Officer. “It’s the responsibility of every organization working in healthcare and public health.  In all of our efforts, we must recognize and leverage the value of partnerships among government and industry stakeholders to tackle the shared problems collaboratively.”

The core of the guide includes five current threats facing the industry and ten best practices for mitigating these threats.

The five current threats include:

  1. E-mail phishing attack
  2. Loss or theft of equipment or data
  3. Insider, accidental or intentional data loss
  4. Attacks against connected medical devices that may affect patient safety

The ten practices for mitigating cyber threats include:

  1. E-mail protection systems
  2. Endpoint protection systems
  3. Access management
  4. Data protection and loss prevention
  5. Asset management
  6. Network management
  7. Vulnerability management
  8. Incident response
  9. Medical device security
  10. Cybersecurity policies

The guidance also provides real-life events and statistics that explain the cost and risks cyber threats pose to patient care.

Click here to view the full guidance.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

About the Author


Amy is Campus Safety’s Executive Editor. Prior to joining the editorial team in 2017, she worked in both events and digital marketing.

Amy has many close relatives and friends who are teachers, motivating her to learn and share as much as she can about campus security. She has a minor in education and has worked with children in several capacities, further deepening her passion for keeping students safe.

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters
Campus Safety HQ