Publication Downloads

The HIC-TCR is a tactical guide to advise health providers on tactical response activities for managing the cybersecurity threats that can occur during an emergency, such as the COVID-19 Pandemic.

The HIC-MISO identifies many of the cybersecurity information sharing organizations and their key services, as health organizations are beginning to understand the importance of cybersecurity information sharing and implementing information sharing systems.

Coordinated Healthcare Incident Response Plan: A preparedness and response template for disruptive cyber incidents involving health systems, hospitals and clinics. Provides guidance for maintaining clinical and business operations as the effects of a cyber attack threaten not only revenue but patient safety.

As a component of the four-part health sector cybersecurity initiative including the joint HHS-HSCC Hospital Cyber Resiliency Landscape Analysis, the recently updated publication of the Health Industry Cybersecurity Practices 2023 (HICP 2023), and the Health Industry Cybersecurity Recommendations for Government Policy and Programs this resource recommends to industry and government partners the HICP practices judged by the HSCC Cybersecurity Working Group to be the most relevant, and therefor prioritized, controls against the vulnerabilities identified in the Landscape Analysis that most frequently result in cyber exploitation and incidents.

As ransomware attacks increase against the health sector generally and small critical access and rural health systems specifically, the HSCC Cybersecurity Working Group offers these ideas, as alternatives or supplements to regulation, for government policies, programs, incentives and assistance to facilitate improved cybersecurity awareness and investment in the sector.

Health delivery organizations across the United States have faced dramatic increases in cyber-attacks intended to cause disruption to the care continuum. In response to this growing threat, the HHS 405(d) Program conducted this Landscape Analysis, which identifies the vulnerabilities and threats most frequently resulting in damaging attacks against hospitals and assesses the hospitals’ known capabilities for preventing damaging cyber incidents.

A comprehensive guide to address the management of cyber risk caused by legacy technologies used in healthcare environments. It recommends cybersecurity strategies that both manufacturers and health providers can implement for legacy medical technology as a shared responsibility in the clinical environment and provides insights for designing future devices that are more secure. A brief summary is found here and click here for a Quick Reference Guide. Also, HealthCareInfoSecurity Webinar on HSCC Guide for “Managing Legacy Technology Security“.

The HSCC JCWG developed this document in consultation with the SCC and GCC to help Health Care and Public Health sector organizations understand and leverage the NIST Cybersecurity Framework’s Informative References in their implementation of sound cybersecurity and cyber risk management programs, address the five Core Function areas of the NIST Cybersecurity Framework to ensure alignment with national standards, help organizations assess and improve their level of cyber resiliency, and provide suggestions on how to link cybersecurity with their overall information security and privacy risk management activities.

An overview and discussion of 9 specific cybersecurity considerations for the implementation of A.I. in a clinical and enterprise environment.

 

The HICP 2023 is an update to the 2019 HICP publication developed jointly by the HSCC and HHS. It provides executives, health care practitioners, providers, and health delivery organizations, such as hospitals, with best practices for managing cyberthreats to safeguard patient safety.