HHS sets voluntary cybersecurity guidelines for health industry
The Department of Health and Human Services closed 2018 — a year plagued by health care breaches globally — by issuing voluntary cybersecurity guidelines for health care professionals.
Published Dec. 28, HHS’s guidance, developed in partnership with industry experts from the Health Sector Coordinating Council, emphasizes the financial and health impacts of security incidents and outlines steps practitioners can take to better secure their systems.
“Cybersecurity is everyone’s responsibility. It is the responsibility of every organization working in healthcare and public health. In all of our efforts, we must recognize and leverage the value of partnerships among government and industry stakeholders to tackle the shared problems collaboratively,” Janet Vogel, HHS acting chief information security officer, said in a statement.
The guidelines were required by the Cybersecurity Act of 2015 Section 405(d) “to develop practical cybersecurity guidelines to cost-effectively reduce cybersecurity risks for the healthcare industry,” according to a release. More than 150 industry partners gathered over the past two years to develop the new document.
“The healthcare industry is truly a varied digital ecosystem. We heard loud and clear through this process that providers need actionable and practical advice, tailored to their needs, to manage modern cyber threats. That is exactly what this resource delivers: recommendations stratified by the size of the organization, written for both the clinician as well as the IT subject matter expert,” said Erik Decker, the guidelines’ industry co-lead from the University of Chicago Medicine.
Read more about the new guidelines on sister publication CyberScoop.