HHS Releases Cybersecurity Practice Guides for Healthcare Industry

In an effort to help private practices and large healthcare organizations protect their patients’ data, the Department of Health and Human Services (HHS) has released two guides to voluntary cybersecurity practices—one for local clinics and the other for large hospital systems.

The guides are the result of a two-year public-private partnership between HHS and more than 150 healthcare industry professionals. They identify the five most current threats to healthcare organizations (email phishing attacks, ransomware, loss or theft of equipment or data, accidental or intentional insider data loss, and attacks against connected medical devices) and describe 10 cybersecurity practices to mitigate the risks, including:

  • Email protection systems
  • Endpoint protection systems
  • Access management
  • Data protection and loss management
  • Asset management
  • Network management
  • Vulnerability management
  • Incident response
  • Medical device security
  • Cybersecurity policies

The guides are available online through the HHS, Department of Public Health Emergency.