GCC Blog


HHS Releases Healthcare Cybersecurity Best Practices

January 8th, 2019 by Guest Communications


Written by: Amy Rock

The Department of Health and Human Services (HHS) released a healthcare cybersecurity guide on Friday in an effort to create consistency in mitigating cyber threats.

The department describes the voluntary guidelines, titled ‘Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients’, as “cost-effective methods that a range of healthcare organizations at every size and resource level can use to reduce cybersecurity risks.”

The guidance consists of four different volumes that each address a different topic, including one for small healthcare organizations, one for medium and large providers, another with resources and templates for end users, and a fourth for cybersecurity best practices surrounding threats and protecting patients.

The volumes dedicated to small, medium and large healthcare organizations are geared toward IT and security professionals.

“The healthcare industry is truly a varied digital ecosystem. We heard loud and clear through this process that providers need actionable and practical advice, tailored to their needs, to manage modern cyber threats,” said Erik Decker, industry co-lead and Chief Information Security and Privacy Officer for the University of Chicago Medicine. “That is exactly what this resource delivers: recommendations stratified by the size of the organization, written for both the clinician as well as the IT subject matter expert.”

The publication was drafted following a two-year partnership with over 150 cybersecurity and healthcare experts, according to Health Data Management.

“Cybersecurity is everyone’s responsibility,” said Janet Vogel, HHS Acting Chief Information Security Officer. “It’s the responsibility of every organization working in healthcare and public health. In all of our efforts, we must recognize and leverage the value of partnerships among government and industry stakeholders to tackle the shared problems collaboratively.”

The core of the guide includes five current threats facing the industry and ten best practices for mitigating these threats.

The five current threats include:

  1. E-mail phishing attack
  2. Loss or theft of equipment or data
  3. Insider, accidental or intentional data loss
  4. Attacks against connected medical devices that may affect patient safety

The ten practices for mitigating cyber threats include:

  1. E-mail protection systems
  2. Endpoint protection systems
  3. Access management
  4. Data protection and loss prevention
  5. Asset management
  6. Network management
  7. Vulnerability management
  8. Incident response
  9. Medical device security
  10. Cybersecurity policies

The guidance also provides real-life events and statistics that explain the cost and risks cyber threats pose to patient care.


This article appeared on Campus Safety News.
