Skip to main content

Health Sector Coordinating Council publishes Five-Year Health Industry Cybersecurity Strategic Plan (HIC-SP) – 2024-29

February 2024
Wellness plan recommends implementing enterprise and industry-wide goals by 2029 on the imperative that Cyber Safety is Patient Safety.

Los Angeles, February 27, 2024 – The Healthcare and Public Health (HPH) Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) today published at the ViVE 2024 Conference the “Health Industry Cybersecurity Strategic Plan” (HIC-SP) – a  call to action for organizations throughout the healthcare ecosystem to implement foundational cybersecurity programs that address the operational, technological, and governance challenges posed by significant healthcare industry trends over the next five years.

Increasingly frequent and sophisticated threats of severe cyber incidents against the health sector undermine patient safety, data privacy and care operations, which cause unacceptable financial, legal, regulatory, and reputational risk.  HIC-SP guides C-suite executives, information technology and security leaders and government agencies toward investment and implementation of essential cybersecurity goals to head off those threats.

HSCC Cybersecurity Working Group Chairman Erik Decker, CISO for Intermountain Health, said “The Health Industry Cybersecurity Strategic Plan recognizes that cybersecurity for the health sector is a shared responsibility among all HPH stakeholders, including medical device manufacturers, pharmaceuticals, healthcare delivery organizations, health plans and payors, and government policymakers.”  Decker added that “the Plan also applies to third party technology and service providers which continue to pose significant risks to the health system.”

HIC-SP was developed over eighteen months among a large cross section of the Cybersecurity Working Group membership and government partners.  It was structured to prepare for broad industry trends over the next 5 years with high level cybersecurity goals that can be achieved through the implementation of specific measurable objectives.  Success will upgrade the diagnosis of healthcare cybersecurity from “critical” to “stable condition” by 2029.  That means a healthcare cybersecurity future state in which:

  • Healthcare cybersecurity, both practiced and regulated, is reflexive, evolving, accessible, documented, and implemented;
  • Secure design and implementation of technology and services across the healthcare ecosystem is a shared and collaborative responsibility;
  • Leaders in the healthcare C-Suite embrace accountability for cybersecurity as an enterprise risk and a technology imperative;
  • A cyber safety net promotes cyber equity among under-resourced health organizations across the ecosystem;
  • Workforce cybersecurity learning and application is an infrastructure wellness continuum; and,
  • A “911 Cyber Civil Defense” capability to provide early warning, incident response and recovery is reflexive and always on.

“Our number one goal in publishing the HIC-SP today is to improve and protect patient safety,” said HSCC CWG Vice Chair Chris Tyberg, CISO for Abbott. “We are calling on all health industry stakeholders to join us in this imperative for the benefit of patients and the overall health of the sector.”  In publishing the HIC-SP today, the HSCC begins the second phase of this program – to develop a set of measurable outcomes and appropriate metrics for success.  In publishing the HIC-SP today, the HSCC will now begin the second phase of this program – to develop a consistent set of measurable outcomes and appropriate metrics for success. The HSCC CWG intends to release those measures by the end of 2024.

The HIC-SP document and supporting material are available on the HSCC Cybersecurity website at https://HealthSectorCouncil.org.

About the Health Sector Coordinating Council Cybersecurity Working Group

The Healthcare and Public Health Sector Coordinating Council (HSCC) is a coalition of private-sector critical healthcare infrastructure entities organized under a national public-private partnership to join with government in the identification and mitigation of strategic threats and vulnerabilities facing the sector’s ability to deliver critical services and assets to the public. The HSCC Cybersecurity Working Group (CWG) is composed of nearly 1,000 people representing 425 industry and government organizations collaborating to develop strategies that address emerging and ongoing cybersecurity challenges to the health sector.

For more information, or questions about joining the HSCC as a health industry organization, see,  https://healthsectorcouncil.org

Contact: Greg Garcia, HSCC Cybersecurity Working Group Executive Director: Greg.Garcia@HealthSectorCouncil.org