Cybersecurity Practices: Manage Your Threats and Protect Your Patients

In 2015, the United States Congress passed the Cybersecurity Act (CSA), and within this legislation is Section 405(d): Aligning Health Care Industry Security Approaches. As an approach to this requirement, in 2017 HHS convened the 405(d) Task Group leveraging the Healthcare and Public Health (HPH) Sector Critical Infrastructure Security and Resilience Public-Private Partnership. The Task Group’s charge was to develop a common set of voluntary, consensus-based, and industry-led guidelines, practices, methodologies, procedures, and processes that serve as a resource to meet three core goals: (1) Cost-effectively reduce cybersecurity risks for a range of health care organizations; (2) Support voluntary adoption and implementation; and (3) Ensure, on an ongoing basis, that content is actionable, practical, and relevant to health care stakeholders of every size and resource level. This presentation is an opportunity to discuss the importance of cybersecurity practices and raise awareness that cybersecurity should be treated as an enterprise issue, not just an IT issue. This session will provide information on how organizations can leverage Health Industry Cybersecurity Practices (HICP) to apply mitigating practices to the five main cybersecurity threats.