New HHS Report Offers Practical Cybersecurity Guidelines and Resources for Health Care Providers and Payers
The U.S. Department of Health and Human Services (HHS) has published a report outlining best practices for health care cybersecurity. The report, entitled "Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients," offers a series of recommendations for providers, payers, and others working in the health care industry. The report stresses that, for the health sector, combatting cyberattacks must be a top priority because they can threaten not just the security of data, but also the health and safety of patients. The report seeks to provide practical, understandable, and cost-effective cybersecurity guidelines to reduce cybersecurity risks.
The publication includes four volumes:
- The Main Document discusses the current cybersecurity threats facing the health care industry and provides "quick tips" for addressing them;
- Technical Volume 1 discusses 10 cybersecurity practices and sub-practices for small health care organizations;
- Technical Volume 2 discusses 10 cybersecurity practices and sub-practices for medium-sized and large health care organizations; and
- The Resources and Templates Volume provides additional resources and references to supplement the other documents.
The threats explored in the Main Document are:
- Email phishing attacks;
- Ransomware attacks;
- Loss or theft of equipment or data;
- Insider, accidental, or intentional data loss; and
- Attacks against connected medical devices that may affect patient safety.
The Technical Volumes detail 10 practices to mitigate these threats:
- Email protection systems
- Endpoint protection systems
- Access management
- Data protection and loss prevention
- Asset management
- Network management
- Vulnerability management
- Incident response
- Medical device security
- Cybersecurity policies
The Main Document, Technical Volumes, and Resources and Templates are available here.
Contact: Karen Lipson, email@example.com, 518-867-8383 ext. 124