Publication Downloads

The HIC-TCR is a tactical guide to advise health providers on tactical response activities for managing the cybersecurity threats that can occur during an emergency, such as the COVID-19 Pandemic.

The HIC-MISO identifies many of the cybersecurity information sharing organizations and their key services, as health organizations are beginning to understand the importance of cybersecurity information sharing and implementing information sharing systems.

Coordinated Healthcare Incident Response Plan: A preparedness and response template for disruptive cyber incidents involving health systems, hospitals and clinics. Provides guidance for maintaining clinical and business operations as the effects of a cyber attack threaten not only revenue but patient safety.

As a component of the four-part health sector cybersecurity initiative including the joint HHS-HSCC Hospital Cyber Resiliency Landscape Analysis, the recently updated publication of the Health Industry Cybersecurity Practices 2023 (HICP 2023), and the Health Industry Cybersecurity Recommendations for Government Policy and Programs this resource recommends to industry and government partners the HICP practices judged by the HSCC Cybersecurity Working Group to be the most relevant, and therefor prioritized, controls against the vulnerabilities identified in the Landscape Analysis that most frequently result in cyber exploitation and incidents.

This compilation of policy and programmatic considerations is offered for the U.S. Department of Health and Human Services, the Cybersecurity and Infrastructure Security Agency, Congress and other Federal agencies to support healthcare cybersecurity. If implemented under existing or new statutory authorities, these concepts could help reduce risk across the sector through incentive- or grant-based financial assistance and operational support, particularly to under-resourced health systems, including small practice, critical access, safety net and rural emergency hospitals. The recommendations are grouped into the following topical categories: 1) Preparedness Support and Information Sharing; 2) Financial Support and Incentives; 3) Incident Response and Recovery; 4) Workforce; and 5) Regulatory Reform.

Health delivery organizations across the United States have faced dramatic increases in cyber-attacks intended to cause disruption to the care continuum. In response to this growing threat, the HHS 405(d) Program conducted this Landscape Analysis, which identifies the vulnerabilities and threats most frequently resulting in damaging attacks against hospitals and assesses the hospitals’ known capabilities for preventing damaging cyber incidents.

A comprehensive guide to address the management of cyber risk caused by legacy technologies used in healthcare environments. It recommends cybersecurity strategies that both manufacturers and health providers can implement for legacy medical technology as a shared responsibility in the clinical environment and provides insights for designing future devices that are more secure. A brief summary is found here and click here for a Quick Reference Guide. Also, HealthCareInfoSecurity Webinar on HSCC Guide for “Managing Legacy Technology Security“.

The HSCC JCWG developed this document in consultation with the SCC and GCC to help Health Care and Public Health sector organizations understand and leverage the NIST Cybersecurity Framework’s Informative References in their implementation of sound cybersecurity and cyber risk management programs, address the five Core Function areas of the NIST Cybersecurity Framework to ensure alignment with national standards, help organizations assess and improve their level of cyber resiliency, and provide suggestions on how to link cybersecurity with their overall information security and privacy risk management activities.

An overview and discussion of 9 specific cybersecurity considerations for the implementation of A.I. in a clinical and enterprise environment.

 

The HICP 2023 is an update to the 2019 HICP publication developed jointly by the HSCC and HHS. It provides executives, health care practitioners, providers, and health delivery organizations, such as hospitals, with best practices for managing cyberthreats to safeguard patient safety.