The 405(d) Post: Healthcare Industry Cybersecurity News and Emerging Issues

The 405(d) Post aims to align health care industry security approaches by discussing cybersecurity news and emerging issues facing the healthcare industry. Each issue will include an article from our industry partners discussing cybersecurity topics affecting their organizations, emerging threats, innovative technologies and preparedness techniques. This newsletter also highlights the 405(d) HICP Publication, current cybersecurity news stories, and other HHS news. Scroll to read the 405(d) Post!


HICP’s 5 Threat Weekly Webinar Series

With the recent release of the Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients publication, the 405(d) initiative is happy to announce the:  HICP’s 5 Threat Weekly Series!  The Series kicks off this week with Threat 1 – Email Phishing

Five Threats Series Details:
Dates of Engagement All at 2 PM EST

  • Week 1/Threat 1 – E-mail Phishing Attack: March 19 & 21, 2019
  • Week 2/Threat 2 – Ransomware Attack: March 26 & 28, 2019
  • Week 3/Threat 3 – Loss or Theft of Equipment or Data: April 2 & 4, 2019
  • Week 4/Threat 4 – Insider, Accidental or Intentional Data Loss: April 9 & 11, 2019
  • Week 5/Threat 5 – Attacks Against Connected Medical Devices: April 16 & 18, 2019

At 2 PM EST on March 19 & 21, join the WebEx meeting from here:

What is the 5 Threats Weekly Series? 

The HICP Five Threats Weekly Series hosted by the 405(d) initiative is a series of webinars focused on the Five Threats identified in the publication. With the recent release of the HICP publication and its supporting materials, the healthcare community has a new resource to help strengthen their posture against cyber threats. These presentations aim to further introduce the publication and allow our community to dive deeper into the Five threats individually and their corresponding mitigation practices. Each presentation will be co-led by federal representatives and 405(d) industry Task Group members.

Want More Information?

For more information on this effort and to stay up to date on all 405(d) activities, please visit the 405(d) website at Or email 405(d) initiative at

HSCC Cybersecurity Working Group releases the 2018 Annual Report

We are pleased to bring you our 2018 Annual Report highlighting our many accomplishments over the past year. In 2018 we released a resource guide titled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” which is a scalable toolkit of the top ten cybersecurity best practices for hospital systems and developed the Medical Device & Health IT Joint Security Plan (JSP). Thank you to all who contributed to our mission and helped make healthcare cybersecurity more robust and resilient.  Let’s keep up the momentum in 2019.

2018 Annual Report - HSCC Cyber Working Group




HHS and HSCC Release Voluntary Cybersecurity Practices for the Health Industry

The Health Sector Coordinating Council (HSCC), in partnership with the U.S. Department of Health and Human Services, is pleased to announce the release of the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication. The four-volume publication seeks to raise awareness for executives, health care practitioners, providers, and health delivery organizations, such as hospitals. It is applicable to health organizations of all types and sizes across the industry.

This industry-led effort was in response to a mandate of the Cybersecurity Act of 2015 Section 405(d), to develop practical cybersecurity guidelines to cost-effectively reduce cybersecurity risks for the healthcare industry. The publication marks the culmination of a two-year effort that brought together more than 150 cybersecurity and healthcare experts from industry and the government. The consensus-based document was developed and released under the auspices of the HSCC Joint Cybersecurity Working Group, a public-private partnership to enhance healthcare and public health cyber and critical infrastructure security and resilience.

The publication consists of four volumes:

1.     The Main document of the publication explores the five most relevant and current threats to the industry and recommends 10 Cybersecurity Practices to help mitigate these threats.

2.     Technical Volume 1 discusses these 10 cybersecurity practices for small healthcare organizations. It is intended for IT and IT security professionals.

3.     Technical Volume 2 discusses these 10 cybersecurity practices for medium and large healthcare organizations. It is intended for IT and IT security professionals

4.     Resources and Templates provide additional resources and materials that organizations can leverage to develop policies and procedures as well as assess their own cybersecurity posture, through a Cybersecurity Practices Assessment Toolkit.

For more information on this effort and to download a copy of the publication, please visit the 405(d) website at and