On April 17, 2023 the United States Department of Health and Human Services (HHS) 405(d) Program announced the release of several resources to assist with addressing cybersecurity concerns in the health care and public health sector. The 405(d) Program is a collaborative effort between industry and the federal government to align health care industry security practices to develop consensus-based guidelines, practices, and methodologies in the health care and public health sector.
The three resources released include:
Knowledge on Demand, which is a cybersecurity education platform, which currently includes five cybersecurity trainings that align with the top five cybersecurity threats outlined in the HICP (see next bullet). The initial trainings uploaded include presentations on social engineering; ransomware; loss or theft of equipment or data; accidental, intentional, or malicious data loss; and attacks against network connected medical devices.
Health Industry Cybersecurity Practices (HICP) 2023 Edition, which is a guidance publication designed to provide a starting point for implementing basic cybersecurity practices in a health care organization. This publication includes Technical Volume 1, which is intended specifically for small organizations; and Technical Volume 2, which is intended for medium-sized organizations and sub-practices for large organizations.
Hospital Cyber Resiliency Initiative Landscape Analysis, which is another publication aimed at highlighting findings and issues affecting the cybersecurity resiliency of U.S. hospitals. The primary objectives of the analysis were to develop a clear understanding of the current cybersecurity capabilities and preparedness across participating U.S. hospitals, as well as their ability to combat cyber threats; and to share the analysis and findings with the Health Sector Coordinator Council Cybersecurity Working Group (HSCC CWG) for consideration as one of several inputs for informing prioritized cybersecurity practices for U.S. hospitals.
These resources may be useful tools to health care organizations seeking resources to enhance their cybersecurity resiliency.
If you have any questions about Barclay Damon LLP or its service offerings, please contact Margaret Surowka, partner in Health Care and Labor & Employment, at msurowka@barclaydamon.com; Fran Ciardullo, special counsel, at fciardullo@barclaydamon.com;Bridget Steele, counsel, at bsteele@barclaydamon.com; or another member of Barclay Damon’s Health & Human Services Providers.
