Tech

HHS sets voluntary cybersecurity guidelines for health industry

The new guidance emphasizes the financial and health impacts of cyber incidents and outlines steps practitioners can take to better secure their systems.

By Billy Mitchell

January 2, 2019

(Getty Images)

The Department of Health and Human Services closed 2018 — a year plagued by health care breaches globally — by issuing voluntary cybersecurity guidelines for health care professionals.

Published Dec. 28, HHS’s guidance, developed in partnership with industry experts from the Health Sector Coordinating Council, emphasizes the financial and health impacts of security incidents and outlines steps practitioners can take to better secure their systems.

“Cybersecurity is everyone’s responsibility. It is the responsibility of every organization working in healthcare and public health. In all of our efforts, we must recognize and leverage the value of partnerships among government and industry stakeholders to tackle the shared problems collaboratively,” Janet Vogel, HHS acting chief information security officer, said in a statement.

The guidelines were required by the Cybersecurity Act of 2015 Section 405(d) “to develop practical cybersecurity guidelines to cost-effectively reduce cybersecurity risks for the healthcare industry,” according to a release. More than 150 industry partners gathered over the past two years to develop the new document.

“The healthcare industry is truly a varied digital ecosystem. We heard loud and clear through this process that providers need actionable and practical advice, tailored to their needs, to manage modern cyber threats. That is exactly what this resource delivers; recommendations stratified by the size of the organization, written for both the clinician as well as the IT subject matter expert.” said Erik Decker, the guidelines’ industry co-lead from the University of Chicago Medicine.

Read more about the new guidelines on sister publication CyberScoop.

HHS sets voluntary cybersecurity guidelines for health industry

More Like This

ICE pursuing privacy approvals related to controversial phone location data

House Modernization panel advances bill to improve CRS’s data access in first-ever markup

CISA’s chief data officer: Bias in AI models won’t be the same for every agency

Top Stories

DOJ seeks public input on AI use in criminal justice system

GSA taps TTS deputy director to take top Login.gov role next month

Scientists must be empowered — not replaced — by AI, report to White House argues

404 page: the error sites of federal agencies

White House hopeful ‘more maturity’ of data collection will improve AI inventories

Generative AI could raise questions for federal records laws

Oracle approved to handle government secret-level data

More Scoops

HHS issues new cyber incident response resources for healthcare sector

Sen. Warner criticizes HHS and CISA for lack of coordination on cybersecurity, pushes for new cyber exec

Watchdog calls on HHS to improve feedback system for health care cyber breach reporting

HHS IT coordinator researching algorithmic bias and implications for health equity

HHS publishes framework for nationwide health information exchange

Poor coordination hampers HHS cyber threat info sharing with industry

HHS to issue timeline for health care data sharing guidance in coming months

Latest Podcasts

HHS sets voluntary cybersecurity guidelines for health industry

Scientists Must Be Empowered, Not Replaced by AI

Leveraging modern access management to achieve zero trust

The role of the federal chief AI officer

Tech

Defense

Cyber

Acquisition