2025 HSCC Cybersecurity Working Group

Identify the emerging risks associated with the use of AI/ML based products and services in HPH and develop recommendations for their mitigations. Develop guidelines, and best practices for AI safety and security.

Develop a toolkit for CISOs to better communicate cybersecurity imperatives and needs to their organization board, and similar support for board members to understand, evaluate and question cybersecurity risk to and investment for the enterprise.

Update 2023 Hospital Cybersecurity Landscape Analysis which identified the vulnerabilities and threats most frequently resulting in damaging attacks against hospitals and assesses the hospitals’ known capabilities for preventing damaging cyber incidents. Version 2 of the L.A. will incorporate more data in the analysis and consider vulnerabilities and incidents faced by subsectors other than just health providers.

Define “reasonably updateable/patchable,” and identify and create specific updating/patching best practices and recommendations.

Develop leading practices for cybersecurity management of operational/manufacturing technology. Initially focused on medical technology and pharmaceutical subsectors, subsequently to consider OT in the clinical environment.

Provide guidance to differing stakeholders (MDMs, HDO’s, clinicians, patients) on preparing, receiving and acting on medical device vulnerabilities. First publication April 2022 on patient awareness. Second version on HDO preparedness in process.

Developing CWG brand and document formatting templates, and marketing strategy for publications and messaging.

• Shared cryptographic asset inventory framework for organizations to baseline their current exposure.
• Cross-industry roadmap for PQC migration, including interoperability and supply-chain considerations.
• Guidelines and reference architectures for pilot implementations and vendor engagement.
• Recommendations for regulatory and compliance alignment to support smooth adoption across industries.

Identify strategies for strengthening the cybersecurity and resilience of SLTT public health agencies with the support of private sector and academic organizations.

Develop recommendations for government and community support for resource-constrained health providers to ensure appropriate investments and capabilities that align with good cybersecurity practices for the benefit of patient safety and regulatory requirements.