Skip to main content

HHS and HSCC Release Voluntary Cybersecurity Practices for the Health Industry

January 2019
The Health Sector Coordinating Council (HSCC), in partnership with the U.S. Department of Health and Human Services, is pleased to announce the release of the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication. The four-volume publication seeks to raise awareness for executives, health care practitioners, providers, and health delivery organizations, such as hospitals. It is applicable to health organizations of all types and sizes across the industry.

This industry-led effort was in response to a mandate of the Cybersecurity Act of 2015 Section 405(d), to develop practical cybersecurity guidelines to cost-effectively reduce cybersecurity risks for the healthcare industry. The publication marks the culmination of a two-year effort that brought together more than 150 cybersecurity and healthcare experts from industry and the government. The consensus-based document was developed and released under the auspices of the HSCC Joint Cybersecurity Working Group, a public-private partnership to enhance healthcare and public health cyber and critical infrastructure security and resilience.

The publication consists of four volumes:

1.     The Main document of the publication explores the five most relevant and current threats to the industry and recommends 10 Cybersecurity Practices to help mitigate these threats.

2.     Technical Volume 1 discusses these 10 cybersecurity practices for small healthcare organizations. It is intended for IT and IT security professionals.

3.     Technical Volume 2 discusses these 10 cybersecurity practices for medium and large healthcare organizations. It is intended for IT and IT security professionals

4.     Resources and Templates provide additional resources and materials that organizations can leverage to develop policies and procedures as well as assess their own cybersecurity posture, through a Cybersecurity Practices Assessment Toolkit.

For more information on this effort and to download a copy of the publication, please visit the 405(d) website at