+1 206 446 0600 umv@merysolsecurity.com

HHS updates cybersecurity best practices, shares free workforce training

HHS Updates cybersecurity best practices –  Shares free cybersecurity training

Excerpts from an article by  Jessica Davis  SC Media

The Health Industry Cybersecurity Practices (HICP), one of the most critical cybersecurity resources for healthcare provider organizations, has been updated with two additional volumes and supporting mitigation resources.

The update was led by the Department of Health and Human Services 405(d) Program and the Health Sector Coordinating Council Cybersecurity Working Group (HSCC CWG), a joint effort between the federal government and health sector leaders to address the sector’s most pressing cybersecurity challenges.

HICP was first issued in 2018 after a thorough industry analysis by the HHS task force, detailing the biggest vulnerabilities in the sector. The much-lauded, five-volume framework was created in partnership with over 150 healthcare and cybersecurity leaders.

While these measures are voluntary, the initial release was designed to educate health professionals on cybersecurity language and begin the process of implementing and adopting cyber practices based on the NIST Cybersecurity Framework, rather than the Health Insurance Portability and Accountability Act.

The April 17 update builds on past recommendations drafted after a thorough analysis by the HHS cyber task force at that time. Prior to the 2018 release, the analysis revealed staffing was one of the largest issues facing the sector, with three out of four healthcare entities operating without a security leader.

The updated materials focus on the most relevant and cost-effective ways to bolster cybersecurity across the enterprise and includes the top threats facing the sector: social engineering, ransomware, theft or loss of equipment, data loss, and network cyberattacks against medical devices — all of which could impact patient safety.

There’s also a keen focus on social engineering and its critical risk to the sector, as insider risk has remained a top access point for healthcare organizations for the last several years.

You May Also Like …


Submit a Comment

Your email address will not be published. Required fields are marked *