HHS Releases Voluntary Healthcare Cybersecurity Practices to Combat Potential Threats

The Department of Health and Human Services (HHS) has published an official document conveying the voluntary cybersecurity practices for overall healthcare industry. This initiative was aimed at inducing a shift of organizations toward consistency in terms of cyber threats mitigation.

As per HHS, the publication compiled in four independent volumes offers complete guidance on methods that are cost-effective methods and can be utilized by a wide range of healthcare organizations, irrespective of size and resource level. These healthcare organizations can utilize these cost-effective methods to fix and combat cybersecurity threats and mishaps. Moreover, these methods can also be utilized in order to upgrade the awareness apropos of cyber threats and offer enhanced vetted practices.

“Cybersecurity is not the responsibility of a single entity, rather it is a combined responsibility of every other organization operating in the healthcare as well as public health space—it is the responsibility of every organization working in healthcare and public health,” stated HHS Acting Chief Information Security Officer. “Among all of the organization’s efforts, importance and value of partnerships among the industry stakeholders and governmental bodies in order to deal with the shared concerns in a collaborative approach.” he further added.

As per mandate by the Cybersecurity Act of 2015, HHS convened around 150 or more cyber and healthcare experts from both government and industry to practice the recommended practices as a vital part of their healthcare services and policies.

“The offering of this resource is incredible, that ranges from recommendations that are stratified by the size and nature of the organization, scripted for both clinicians as well as subject matter experts of IT.” says Erik Decker, industry co-lead and chief information security and privacy officer, University of Chicago Medicine.

In addition to the primary document, that conveys the five most important and relevant threats to the healthcare industry, the publication also gives recommendations of ten cybersecurity practices that will aid in mitigation of these threats. It also incorporates two technical volumes that are geared for IT as well as security professionals: Technical Volume 1 emphasizes on the cybersecurity practices meant for small healthcare organizations, whereas the Technical Volume 2 offers a coverage on the practices for medium as well as large healthcare organizations.