Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients

View practical cybersecurity guidelines for small, medium and large health care organizations to cost-effectively reduce cybersecurity risks. The publication marks the culmination of a two-year effort that brought together cybersecurity and health care experts from industry and government under the Department of Health and Human Services (DHHS)-convened Healthcare and Public Health Sector Coordinating Councils. The publication consists of four volumes:

• Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP): The HICP examines cybersecurity threats and vulnerabilities that affect the healthcare industry. It explores (5) current threats and presents (10) practices to mitigate those threats.
• Technical Volume 1: Discusses 10 cybersecurity practices for small health care organizations and is intended for information technology (IT) and IT security professionals.
• Technical Volume 2: Discusses 10 cybersecurity practices for medium and large health care organizations. It is intended for IT and IT security professionals.
• Resources and Templates: Provides additional resources and materials that organizations can leverage to develop policies and procedures as well as assess their own cybersecurity posture, through the Cybersecurity Practices Assessment Toolkit.