In 2015, HHS (Health and Human Services) convened the Cybersecurity Act of 2015 405(d) Task Group leveraging the HPH (Healthcare and Public Health) Sector Critical Infrastructure Security and Resilience Public-Private Partnership. The Task Group is comprised of over 150 members representing many roles and organizations in from healthcare practitioners, privacy, and cybersecurity subject matter experts. The Task Group’s mandate was to develop practical cybersecurity guidelines to cost-effectively reduce cybersecurity risks for the healthcare industry.
At the end of 2018, HSCC (Health Sector Coordinating Council), in partnership with HHS released the official “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication. The four-volume publication seeks to raise awareness for executives, health care practitioners, providers, and health delivery organizations, such as hospitals. It is applicable to health organizations of all types and sizes across the industry.
West Monroe Partners was one of the core industry partners aligned with the task force to produce the HICP and sponsored multiple pre-testing efforts to gather feedback from the industry before the official release. Read more about our experience here.
The publication consists of four volumes:
Technical Volume 1 discusses these ten (10) cybersecurity practices for small healthcare organizations. It is intended for IT and IT security professionals.
Technical Volume 2 discusses these ten (10) cybersecurity practices for medium and large healthcare organizations. It is intended for IT and IT security professionals
For more information on this effort and to download a copy of the publication, please visit the 405(d) website.
West Monroe Partners is proud to support the effort with the 405(d) Task Group from inception and into the future as we collaborate against common threats and adversaries within the Healthcare Sector. The more intelligence sharing, learning from experience, and thought leadership we can all share, the better to reduce risk within our respective organizations and communities both in the physical and digital worlds.