The Department of Health and Human Services recently released “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” in response to the increase in cyber attacks across the health sector. A press release from HHS states “The four volume publication, aims to provide voluntary cyber security practices to healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems.”
The document addresses relevant and existing threats to the health care industry.
It also includes statistics and real events that demonstrate the impact of cyber attacks on healthcare companies. Additionally, the document recommends cyber security practices and includes calls to action that healthcare industry employees can take now to help to alleviate these threats. There are also two technical volumes, one geared towards small organizations and one for medium and large organizations, specifically for IT professionals.
The guidelines, procedures and processes in the document are voluntary, but when implemented they meet the goal of reducing cyber attacks in the health sector. The guidelines are consistent with the NIST Cybersecurity Framework – Identify, Protect, Detect, Respond and Recover.