2024 HSCC Cybersecurity Working Group

Update and amplify the HICP (Health Industry Cybersecurity Practices 2023) with supporting collateral material and timely cyber events, marketing and partnerships.  Version 2 to be published Spring 2023.  See: https://405d.hhs.gov/.

Develop a healthcare cyber incident response and business continuity plan aligned with existing physical incident response protocols.

A series of documented listening sessions with management of under-resourced providers to hear perspectives about cybersecurity, financial and operational challenges, and the providers’ needs for incentives and other assistance to meet cybersecurity obligations.

Provide guidance to differing stakeholders (MDMs, HDO’s, clinicians, patients) on preparing, receiving and acting on medical device vulnerabilities.  First publication April 2022 on patient awareness.  Second version on HDO preparedness in process.

Develop leading practices for cybersecurity management of operational/manufacturing technology.  Initially focused on medical technology and pharmaceutical subsectors.

Identify strategies for strengthening the cybersecurity and resilience of SLTT public health agencies with the support of private sector and academic organizations.

Developing CWG brand and document formatting templates, and marketing strategy for publications and messaging.

Finalized NIST Cyber Framework Implementation guide; under review by HHS for co-branding.  New initiatives may include developing guidance for aligning enterprise controls with NIST CSF implementation tiers and possibly using the CSF to identify, measure and manage cyber risk to patient safety and privacy.