August 23, 2019

August 22, 2019

Subscribe to Latest Legal News and Analysis

August 21, 2019

Subscribe to Latest Legal News and Analysis

August 20, 2019

Subscribe to Latest Legal News and Analysis

HHS Issues Cybersecurity Practices for Healthcare Industry

Just before the new year, the Department of Health and Human Resources (HHS) released voluntary cybersecurity practices for healthcare organizations, which consists of a main document, two technical volumes, and resources and templates that were compiled by more than 150 cybersecurity and healthcare experts.

The publication, Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, took two years to complete, and was in response to requirements set forth in the Cybersecurity Act of 2015. The publication, prepared by the Section 405(d) Task Group, “aims to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the sector.”

The guidance is designed to be helpful to organizations of all sizes, and includes technical assistance, as well as practical suggestions on how to address the five recent risks to the healthcare industry and recommendations of 10 cybersecurity practices to mitigate those risks.

The guidance includes: Technical Volume I: Cybersecurity Practices for Small Health Care Organizations, Technical Volume 2: Cybersecurity Practices for Medium and Large Health Care, Resources and Templates and Cybersecurity Practices Assessments Toolkit (Appendix E-1).

Copyright © 2019 Robinson & Cole LLP. All rights reserved.


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...