DISCLAIMER: The information provided in this article, other knowledge base articles, and the Compliancy Group website do not, and are not intended to, constitute legal advice. All information, content, and materials in the Knowledge Base and on the Compliancy Group website are for general informational purposes only.
The HHS 405(d) Program is a collaborative effort between The Health Sector Coordinating Council (an organization representing the primary healthcare subsectors of direct patient care; public health; health plans and payers; pharma, blood and labs; medical technology; health information technology; and funeral homes and mass fatality managers) and the federal government to align healthcare industry security practices.
The HHS 405(d) Program is focused on providing organizations across the nation with useful and impactful Healthcare and Public Health (HPH) focused resources, products, and tools that help educate, raise awareness, and provide vetted cybersecurity best practices which drive behavioral change and strengthen the sector’s cybersecurity posture against cyber threats.
After significant analysis of the current cybersecurity issues facing the healthcare industry, the 405(d) Task Group developed Health Industry Cybersecurity Practices: Managing Threat and Protecting Patients, its first official Task Group product. The 405(d) Program and Task Group actively continues to develop new products to help further strengthen the healthcare sector.
Health Industry Cybersecurity Practices are given the acronym HICP.
In addition to the Health Industry Cybersecurity Practices: Managing Threat and Protecting Patients publication, the 405(d) task group has published two other guidance documents. These include the HICP Technical Volume 1: Cybersecurity Practices for Small Healthcare Organizations publication, and the HICP Technical Volume 2: Cybersecurity Practices for Medium and Large Healthcare Organizations.
These 2023 publications identify five top cybersecurity threats. These threats include:
1. Social engineering
2. Ransonware
3. Loss or theft of equipment
4. Insider, accidental, or malicious data loss
5. Attachs against network connected medical devices
The 2023 publications provide details about the nature of these threats, how to detect them, and what cybersecurity practices can be taken to reduce the risk of their occurrence.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article