In 2015, the United States Congress passed the Cybersecurity Act (CSA), which includes Section 405(d): Aligning Health Care Industry Security Approaches. To address this requirement, HHS convened the 405(d) Task Group in 2017, leveraging the Healthcare and Public Health (HPH) Sector Critical Infrastructure Security and Resilience Public-Private Partnership. The Task Group’s charge was to develop a common set of voluntary, consensus-based, and industry-led guidelines, practices, methodologies, procedures, and processes that serve as a resource to meet three core goals: (1) Cost-effectively reduce cybersecurity risks for a range of health care organizations; (2) Support voluntary adoption and implementation; and (3) Ensure, on an ongoing basis, that content is actionable, practical, and relevant to health care stakeholders of every size and resource level.
This presentation is an opportunity to discuss the importance of cybersecurity practices and raise awareness that cybersecurity should be treated as an enterprise issue, not just an IT issue. This session will provide information on how organizations can leverage Health Industry Cybersecurity Practices (HICP) to apply mitigating practices to the five main cybersecurity threats.
Branch Chief, Risk Management HHS OIS,
United States Health and Human Services
Chief Information Security and Privacy Officer,
The University of Chicago Medicine
Health Information Privacy and Security Specialist, OCR,
United States HHS, Office of Civil Rights
Chief Medical Information Executive, North Region,