Just before the new year, the Department of Health and Human Resources (HHS) released voluntary cybersecurity practices for healthcare organizations, which consists of a main document, two technical volumes, and resources and templates that were compiled by more than 150 cybersecurity and healthcare experts.

The publication, Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, took two years to complete, and was in response to requirements set forth in the Cybersecurity Act of 2015. The publication, prepared by the Section 405(d) Task Group, “aims to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the sector.”

The guidance is designed to be helpful to organizations of all sizes, and includes technical assistance, as well as practical suggestions on how to address the five recent risks to the healthcare industry and recommendations of 10 cybersecurity practices to mitigate those risks.

The guidance includes: Technical Volume I: Cybersecurity Practices for Small Health Care Organizations, Technical Volume 2: Cybersecurity Practices for Medium and Large Health Care, Resources and Templates and Cybersecurity Practices Assessments Toolkit (Appendix E-1).