Skip to main content

2024 HSCC Cybersecurity Working Group

The following Task Groups constitute the
HSCC Cybersecurity Working Group’s 2024 work plan.

405(D) – Health Industry Cybersecurity Practices

Update and amplify the HICP (Health Industry Cybersecurity Practices 2023) with supporting collateral material and timely cyber events, marketing and partnerships.  Version 2 to be published Spring 2023.  See:

Incident Response And Business Continuity

Develop a healthcare cyber incident response and business continuity plan aligned with existing physical incident response protocols.

Medical Technology Updating and Patching

Develop a guide for mutual expectations among health delivery organizations and medical device manufacturers about updating and patching medical devices in the clinical environment, and associated risk, prioritization and cost.

Medical Technology Vulnerability Communications

Provide guidance to differing stakeholders (MDMs, HDO’s, clinicians, patients) on preparing, receiving and acting on medical device vulnerabilities.  First publication April 2022 on patient awareness.  Second version on HDO preparedness in process.

Operational Manufacturing Technology Cybersecurity

Develop leading practices for cybersecurity management of operational/manufacturing technology.  Initially focused on medical technology and pharmaceutical subsectors.

Public Health Cybersecurity

Identify strategies for strengthening the cybersecurity and resilience of SLTT public health agencies with the support of private sector and academic organizations.

Outreach And Awareness

Developing CWG brand and document formatting templates, and marketing strategy for publications and messaging.

Risk Assessment

Finalized NIST Cyber Framework Implementation guide; under review by HHS for co-branding.  New initiatives may include developing guidance for aligning enterprise controls with NIST CSF implementation tiers and possibly using the CSF to identify, measure and manage cyber risk to patient safety and privacy.

Under-Resourced Provider Cybersecurity Advisory Group

A series of documented listening sessions with management of under-resourced providers to hear perspectives about cybersecurity, financial and operational challenges, and the providers’ needs for incentives and other assistance to meet cybersecurity obligations.