July 23, 2019

July 23, 2019

Subscribe to Latest Legal News and Analysis

July 22, 2019

Subscribe to Latest Legal News and Analysis

HHS Issues Cybersecurity Practices for Health Care Industry

Just before the new year, the Department of Health and Human Resources (HHS) released voluntary cybersecurity practices for health care organizations, which consists of a main document, two technical volumes, and resources and templates that were compiled by more than 150 cybersecurity and health care experts.

The publication, Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, took two years to complete, and was in response to requirements set forth in the Cybersecurity Act of 2015. The publication, prepared by the Section 405(d) Task Group, “aims to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the sector.”

The guidance is designed to be helpful to organizations of all sizes, and includes technical assistance, as well as practical suggestions on how to address five of the recent risks to the health care industry and 10 cybersecurity practices recommended to mitigate those risks.

The guidance includes: Technical Volume I: Cybersecurity Practices for Small Health Care Organizations, Technical Volume 2: Cybersecurity Practices for Medium and Large Health Care, Resources and Templates, and a Cybersecurity Practices Assessments Toolkit (Appendix E-1).

Copyright © 2019 Robinson & Cole LLP. All rights reserved.

TRENDING LEGAL ANALYSIS


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353