Cybersecurity awareness recently took center stage in the healthcare industry when the Department of Health and Human Services (HHS) issued comprehensive risk-prioritized cybersecurity best practices to combat top threats. HHS mapped this guidance to the National Institute of Standards and Technology (NIST) Cybersecurity Framework, cross-referencing 88 individual sub-practices for healthcare organizations of all sizes.

The HHS guidance focuses on ten top-level cybersecurity best practices, coupled with a series of recommended procedure-strengthening “Threat Quick Tips,” to ward off e-mail phishing attacks, ransomware attacks, loss or theft of equipment and data, insider data loss (whether accidental or intentional), and attacks against connected medical devices that may affect patient safety. The guidance is complete with mock real-world scenarios, a set of companion technical volumes that HHS designed specifically for IT professionals, and an upcoming practical toolkit.

While this new guidance does not create a new “mandatory” cybersecurity framework, regulators and courts may still defer to it when the “reasonableness” of a healthcare organization's security safeguards is questioned after a breach.

Read more about the HHS report here.