Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, the primary publication of the Cybersecurity Act of 2015, Section 405(d) Task Group, aims to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the sector. It seeks to aid healthcare and public health organizations to develop meaningful cybersecurity objectives and outcomes. The publication includes a main document, two technical volumes, and resources and templates:
- Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients : The HICP examines cybersecurity threats and vulnerabilities that affect the healthcare industry. It explores (5) current threats and presents (10) practices to mitigate those threats.
- Technical Volume 1: Cybersecurity Practices for Small Health Care Organizations: Technical Volume 1 discusses the ten Cybersecurity Practices along with Sub-Practices for small health care organizations.
- Technical Volume 2: Cybersecurity Practices for Medium and Large Health Care Organizations: Technical Volume 2 discusses the ten Cybersecurity Practices along with Sub-Practices for medium and large health care organizations.
- Resources and Templates: The Resources and Templates portion includes a variety of cybersecurity resources and templates for end users to reference.
- Cybersecurity Practices Assessments Toolkit (Appendix E-1): This tool helps organizations prioritize their cyber threats and develop their own action plans using the assessment methodology outlined in the Resources and Templates volume. This tool is still under development. To receive an advance copy, please contact us at CISA405d@hhs.gov.
Date: January 8, 2019