Tech

HHS sets voluntary cybersecurity guidelines for health industry

The new guidance emphasizes the financial and health impacts of cyber incidents and outlines steps practitioners can take to better secure their systems.

By Billy Mitchell

January 2, 2019

(Getty Images)

The Department of Health and Human Services closed 2018 — a year plagued by health care breaches globally — by issuing voluntary cybersecurity guidelines for health care professionals.

Published Dec. 28, HHS’s guidance, developed in partnership with industry experts from the Health Sector Coordinating Council, emphasizes the financial and health impacts of security incidents and outlines steps practitioners can take to better secure their systems.

“Cybersecurity is everyone’s responsibility. It is the responsibility of every organization working in healthcare and public health. In all of our efforts, we must recognize and leverage the value of partnerships among government and industry stakeholders to tackle the shared problems collaboratively,” Janet Vogel, HHS acting chief information security officer, said in a statement.

The guidelines were required by the Cybersecurity Act of 2015 Section 405(d) “to develop practical cybersecurity guidelines to cost-effectively reduce cybersecurity risks for the healthcare industry,” according to a release. More than 150 industry partners gathered over the past two years to develop the new document.

“The healthcare industry is truly a varied digital ecosystem. We heard loud and clear through this process that providers need actionable and practical advice, tailored to their needs, to manage modern cyber threats. That is exactly what this resource delivers; recommendations stratified by the size of the organization, written for both the clinician as well as the IT subject matter expert.” said Erik Decker, the guidelines’ industry co-lead from the University of Chicago Medicine.

Read more about the new guidelines on sister publication CyberScoop.

HHS sets voluntary cybersecurity guidelines for health industry

More Like This

SSA database to flag synthetic identity fraud has cost issues, GAO finds

Government websites aren’t created equal. GSA’s 10x program aims to change that

MITRE’s Federal AI Sandbox will focus on critical infrastructure, weather modeling, social services

Top Stories

Data, talent, funding among top barriers for federal agency AI implementation

Announcing the 2024 FedScoop 50

House Republicans probe NIST on facial recognition for federal digital identity verification

White House’s final ‘Trust Regulation’ aims to bolster confidence in federal statistics

CISA official: AI tools ‘need to have a human in the loop’

Login.gov announces availability for facial recognition technology

More Scoops

HHS issues new cyber incident response resources for healthcare sector

Sen. Warner criticizes HHS and CISA for lack of coordination on cybersecurity, pushes for new cyber exec

Watchdog calls on HHS to improve feedback system for health care cyber breach reporting

HHS IT coordinator researching algorithmic bias and implications for health equity

HHS publishes framework for nationwide health information exchange

Poor coordination hampers HHS cyber threat info sharing with industry

HHS to issue timeline for health care data sharing guidance in coming months

Latest Podcasts

A look at next week’s hearing on unidentified anomalous phenomena

Login.gov launches facial recognition option; the White House issues final Trust Regulation

HHS is working on a new AI strategic plan; Budget woes for government’s science and technology efforts

Meet the winners of the 2024 FedScoop 50; And, how the DOE sees itself counteracting the AI industry’s ‘profit motive’

Tech

Defense

Cyber

FedScoop TV