Citation[]
Department of Health and Human Services, Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (Dec. 2018) (full-text).
Overview[]
The publication, developed in response to requirements set forth in the Cybersecurity Act of 2015, "aims to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the healthcare sector."
The publication includes a main document, two technical volumes, and resources and templates:
- Technical Volume 1: Cybersecurity Practices for Small Health Care Organizations discusses the ten Cybersecurity Practices along with Sub-Practices for small health care organizations.
- Technical Volume 2: Cybersecurity Practices for Medium and Large Health Care Organizations discusses the ten Cybersecurity Practices along with Sub-Practices for medium and large health care organizations.
- Resources and Templates includes a variety of cybersecurity resources and templates for end users to reference.
- Cybersecurity Practices Assessments Toolkit (Appendix E-1) helps organizations prioritize their cyber threats and develop their own action plans using the assessment methodology outlined in the Resources and Templates volume. This tool is still under development. To receive an advance copy, please contact CISA405d@hhs.gov.