- 405(d) – HEALTH INDUSTRY CYBERSECURITY PRACTICES
Joint Industry/HHS Task Group (from §405(d) of the Cybersecurity Act of 2015) created the HICP (Health Industry Cybersecurity Practices) and is developing supporting collateral material and timely cyber events, marketing and partnerships.
- 5-YEAR PLAN
Update the Health Care Industry Task Force (HCIC) recommendations as a five-year plan reflecting emerging threat scenarios in a rapidly evolving healthcare system.
- EMERGING TECHNOLOGY
Assess emerging technologies used in healthcare that may present cybersecurity risks. First publication pending on artificial intelligence. Next assessment on how to protect/encrypt systems, data and identity against malicious use of quantum computing.
- INCIDENT RESPONSE AND BUSINESS CONTINUITY
Develop a healthcare cyber incident response and business continuity plan aligned with existing physical incident response protocols.
- INTERNATIONAL
No specific deliverables, except developing content for webinars on international healthcare cybersecurity policy, operations and coordination.
- MEASUREMENT
A Measurement Task Group with scope TBD: e.g., a) measurement methodology; b) measuring sector adoption of cybersecurity frameworks such as NIST CSF, HSCC HICP; c) measuring sector-wide security performance; and/or d) measuring patient impact from a cyber event.
- MEDICAL DEVICE VULNERABILITY COMMUNICATIONS
Provide guidance to differing stakeholders (MDMs, HDOs, clinicians, patients) on preparing, receiving and acting on medical device vulnerabilities. First publication pending on patient awareness. Second version on HDO preparedness.
- MEDICAL TECHNOLOGY CYBERSECURITY
First published in January 2019, the Medical Device and Health IT Joint Security Plan will be updated to reflect ongoing developments in medical device security and to integrate subsequent work products soon to be published on legacy device security, model cybersecurity contract language for medical technology, and vulnerability communications standardization.
- OUTREACH AND AWARENESS
Focused, resourced and creative attention on leveraging government, industry associations and other stakeholders to build national health sector awareness and adoption of HSCC cybersecurity resources, NIST CSF and others.
- POLICY
Activates as needed for policy proposals and response.
- RISK ASSESSMENT
Finalized NIST Cyber Framework Implementation guide; under review by HHS for co-branding. New initiatives may include developing guidance for aligning enterprise controls with NIST CSF implementation tiers and possibly using the CSF to identify, measure and manage cyber risk to patient safety and privacy.
- SUPPLY CHAIN
Results of pending survey on critical supplier risk management will inform subsequent development of related best practices.
- WORKFORCE DEVELOPMENT
Preparing a series of cybersecurity training videos for clinicians and healthcare students on specific aspects of cybersecurity. Pending funding source support will be needed for content development.
___________________________________________________________________________
FINALIZING WORK FOR PUBLICATION – CONSIDER DISBANDING SUBSEQUENTLY
- MODEL CONTRACTS
Published Q1 2022
- LEGACY MEDICAL DEVICES
Ongoing – Publication expected Q2 2022