The IT Law Wiki

Citation[]

Department of Health and Human Services, Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (Dec. 2018) (full-text).

Overview[]

The publication, developed in response to requirements set forth in the Cybersecurity Act of 2015, "aims to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the healthcare sector."

The publication includes a main document, two technical volumes, and resources and templates:

  • Cybersecurity Practices Assessments Toolkit (Appendix E-1) helps organizations prioritize their cyber threats and develop their own action plans using the assessment methodology outlined in the Resources and Templates volume. This tool is still under development. To receive an advance copy, please contact CISA405d@hhs.gov​.