The United States Department of Health and Human Services (HHS), a cabinet-level department of the U.S. federal government, released a four-volume report of voluntary guidance for healthcare organizations. The report is titled “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients.” A team of more than 150 cybersecurity and healthcare experts developed the HICP report, which was mandated under the Cybersecurity Act of 2015.
According to HHS, combating cyberattacks is as difficult as fighting a deadly virus. It requires mobilization and coordination of resources across a large number of stakeholders (both public and private) to mitigate risks. The stakeholders include IT vendors, hospitals, medical device manufacturers, etc. The average cost of a data breach per healthcare firm is $2.2 million, which is alarming enough to warrant action, as per the HHS report.
“Healthcare industry is truly a varied digital ecosystem,” said Erik Decker, privacy officer for the University of Chicago Medicine. In this sector in particular, practical advice tailored to organizations’ needs is required to help them manage cyber threats. Hence, the authors have included recommendations for the C-suite as well as IT experts. HHS officials stress the importance of private-public partnerships to protect critical infrastructure. They have also planned to create awareness programs and to implement the suggested cybersecurity practices.
Cybersecurity is everyone’s responsibility, and each organization must leverage the value of partnerships between government and stakeholders to deal with the problems collaboratively.