HHS sets voluntary cybersecurity guidelines for health industry

The new guidance emphasizes the financial and health impacts of cyber incidents and outlines steps practitioners can take to better secure their systems.
doctor, hospitals, research, science, medicine, study, data
(Getty Images)

The Department of Health and Human Services closed 2018 — a year plagued by health care breaches globally — by issuing voluntary cybersecurity guidelines for health care professionals.

Published Dec. 28, HHS’s guidance, developed in partnership with industry experts from the Health Sector Coordinating Council, emphasizes the financial and health impacts of security incidents and outlines steps practitioners can take to better secure their systems.

“Cybersecurity is everyone’s responsibility. It is the responsibility of every organization working in healthcare and public health. In all of our efforts, we must recognize and leverage the value of partnerships among government and industry stakeholders to tackle the shared problems collaboratively,” Janet Vogel, HHS acting chief information security officer, said in a statement.

The guidelines were required by the Cybersecurity Act of 2015 Section 405(d) “to develop practical cybersecurity guidelines to cost-effectively reduce cybersecurity risks for the healthcare industry,” according to a release. More than 150 industry partners gathered over the past two years to develop the new document.


“The healthcare industry is truly a varied digital ecosystem. We heard loud and clear through this process that providers need actionable and practical advice, tailored to their needs, to manage modern cyber threats. That is exactly what this resource delivers; recommendations stratified by the size of the organization, written for both the clinician as well as the IT subject matter expert.” said Erik Decker, the guidelines’ industry co-lead from the University of Chicago Medicine.

Read more about the new guidelines on sister publication CyberScoop.

Billy Mitchell

Written by Billy Mitchell

Billy Mitchell is Senior Vice President and Executive Editor of Scoop News Group's editorial brands. He oversees operations, strategy and growth of SNG's award-winning tech publications, FedScoop, StateScoop, CyberScoop, EdScoop and DefenseScoop. After earning his journalism degree at Virginia Tech and winning the school's Excellence in Print Journalism award, Billy received his master's degree from New York University in magazine writing while interning at publications like Rolling Stone.

Latest Podcasts