HEALTHCARE AND PUBLIC HEALTH SECTOR COORDINATING COUNCIL – CYBERSECURITY WORKING GROUP
Health Sector Coordinating Council (HSCC)
- Healthcare is designated under U.S. national policy as “critical infrastructure” along with 15 other industry sectors, such as financial services, energy, telecommunications, water, transportation and more, represented by industry-organized “sector coordinating councils (SCCs).” These SCC’s and their government counterparts form a national public-private partnership coordinated overall by the U.S. Department of Homeland Security through the National Infrastructure Protection Plan (NIPP)
- The Health Sector Coordinating Council (HSCC) serves as an official advisory council to its government counterparts – HHS and FDA – with a formally-designated critical infrastructure protection function distinct from the advocacy and member services roles of traditional industry associations. The HSCC, HHS and FDA work jointly to identify and mitigate systemic threats to critical healthcare infrastructure, such as pandemics, major weather events, terrorism, active shooters and cyber-attacks, with a mission to: Identify cyber and physical risks to the security and resiliency of the sector, develop guidance and policies for mitigating those risks, and facilitate threat preparedness and incident response
- The Office of the White House National Cyber Director has identified and engaged the HSCC as a model to accelerate a national healthcare cyber resilience strategy
Critical Healthcare Ecosystem Represented by HSCC
HSCC Cybersecurity Working Group (CWG)
- A coalition of 320-organizations led by industry in partnership with government that identifies and develops preparedness measures against cybersecurity threats to the security and resiliency of the healthcare sector;
- Organized into outcome-oriented task groups (currently 13) that meet regularly to develop best-practices for various healthcare cybersecurity disciplines (see below)
- Has produced 12 major best-practices publications since 2019, freely available to sector stakeholders and the public.
2022 HSCC Cybersecurity Working Group Initiatives
The following task groups constitute the HSCC Cybersecurity Working Group’s 2022 work plan.
HSCC Cybersecurity Working Group Governance
- Charter-based governance with elected chair, vice chair and executive committee;
- As a federal advisory committee with government participation, charging dues is not permitted, but accepting donations is, such as for a funded executive director;
- Open to any organization that is: a) covered entity or business associate under HIPAA; b) a health plan or payer; c) regulated by FDA as medical device or pharmaceutical company; d) regulated by HHS Office of the National Coordinator as a health IT company; e) a public health organization and f) a healthcare industry association or professional society. A small allotment of an “Advisor” member category of consulting and security companies is permitted to participate and support CWG initiatives pro bono.
HSCC Cybersecurity Working Group Leadership