HSCC Cybersecurity Working Group releases the 2018 Annual Report

We are pleased to bring you our 2018 Annual Report highlighting our many accomplishments over the past year. In 2018 we released a resource guide titled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” which is a scalable toolkit of the top ten cybersecurity best practices for hospital systems and developed the Medical Device & Health IT Joint Security Plan (JSP). Thank you to all who contributed to our mission and helped make healthcare cybersecurity more robust and resilient.  Let’s keep up the momentum in 2019.

2018 Annual Report - HSCC Cyber Working Group




HHS and HSCC Release Voluntary Cybersecurity Practices for the Health Industry

The Health Sector Coordinating Council (HSCC), in partnership with the U.S. Department of Health and Human Services, is pleased to announce the release of the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication. The four-volume publication seeks to raise awareness for executives, health care practitioners, providers, and health delivery organizations, such as hospitals. It is applicable to health organizations of all types and sizes across the industry.

This industry-led effort was in response to a mandate of the Cybersecurity Act of 2015 Section 405(d), to develop practical cybersecurity guidelines to cost-effectively reduce cybersecurity risks for the healthcare industry. The publication marks the culmination of a two-year effort that brought together more than 150 cybersecurity and healthcare experts from industry and the government. The consensus-based document was developed and released under the auspices of the HSCC Joint Cybersecurity Working Group, a public-private partnership to enhance healthcare and public health cyber and critical infrastructure security and resilience.

The publication consists of four volumes:

1.     The Main document of the publication explores the five most relevant and current threats to the industry and recommends 10 Cybersecurity Practices to help mitigate these threats.

2.     Technical Volume 1 discusses these 10 cybersecurity practices for small healthcare organizations. It is intended for IT and IT security professionals.

3.     Technical Volume 2 discusses these 10 cybersecurity practices for medium and large healthcare organizations. It is intended for IT and IT security professionals

4.     Resources and Templates provide additional resources and materials that organizations can leverage to develop policies and procedures as well as assess their own cybersecurity posture, through a Cybersecurity Practices Assessment Toolkit.

For more information on this effort and to download a copy of the publication, please visit the 405(d) website at www.phe.gov/405d and https://www.phe.gov/Preparedness/planning/405d/Pages/hic-practices.aspx.