In December, HHS released voluntary cyber security practices to the health care industry with the aim of providing practice guidelines to reduce cyber security risks.
The Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients publication provides guidance to health care organizations of all types and sizes, ranging from local clinics to large hospital systems.
The publication is the result of a two-year effort that brought together more than 150 cyber security and health care experts from industry and the government. It explores the five most relevant threats to the health care industry and recommends 10 cyber security practices to help mitigate these threats. Real-life events and statistics are presented to demonstrate the financial and patient care effects of cyber incidents.
The publication also includes two technical volumes geared for IT and IT security professionals, one focusing on cyber security practices for small health care organizations, and one focused on practices for medium and large health care organizations.