powered by LeadingAge New York

New HHS Report Offers Practical Cybersecurity Guidelines and Resources for Health Care Providers and Payers

The U.S. Department of Health and Human Services (HHS) has published a report outlining best practices for health care cybersecurity. The report, entitled "Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients," offers a series of recommendations for providers, payers, and others working in the health care industry. The report stresses that, for the health sector, combatting cyberattacks must be a top priority because they can threaten not just the security of data, but also the health and safety of patients. The report seeks to provide practical, understandable, and cost-effective cybersecurity guidelines to reduce cybersecurity risks.

The publication includes four volumes:

  1. The Main Document discusses the current cybersecurity threats facing the health care industry and provides "quick tips" for addressing them;
  2. Technical Volume 1 discusses 10 cybersecurity practices and sub-practices for small health care organizations;
  3. Technical Volume 2 discusses 10 cybersecurity practices and sub-practices for medium-sized and large health care organizations; and
  4. The Resources and Templates Volume provides additional resources and references to supplement the other documents.

The threats explored in the Main Document are:

  • Email phishing attacks;
  • Ransomware attacks;
  • Loss or theft of equipment or data;
  • Insider, accidental, or intentional data loss; and
  • Attacks against connected medical devices that may affect patient safety.

The Technical Volumes detail 10 practices to mitigate these threats:

  • Email protection systems
  • Endpoint protection systems
  • Access management
  • Data protection and loss prevention
  • Asset management
  • Network management
  • Vulnerability management
  • Incident response
  • Medical device security
  • Cybersecurity policies

The Main Document, Technical Volumes, and Resources and Templates are available here.

Contact: Karen Lipson, klipson@leadingageny.org, 518-867-8383 ext. 124