Amid growing fears about cybercrime in healthcare, the US Department of Health and Human Services (HHS) has released guidelines for healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems.
A four-volume publication, Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients, represents an industry-led response to a mandate under the Cybersecurity Act of 2015 Section 405(d) that seeks to develop practical cybersecurity guidelines to reduce cybersecurity risks for the healthcare industry in a cost-effective fashion.
The rulebook is the result of a two-year undertaking of over 150 cybersecurity and industry experts, as well as the government, under the Healthcare and Public Health (HPH) Sector Critical Infrastructure Security and Resilience Public-Private Partnership. HHS touts the effort as “a true public-private partnership to better secure the nation’s health systems.”
The healthcare industry relies heavily on technology for life-saving patient care. But some equipment, like connected medical devices, is in hackers’ crosshairs, according to the HHS.
“These technologies can be exploited to gain access to personal patient data or render entire hospital systems inoperable,” the consortium notes. “Recent cyber-attacks against the nation’s healthcare industry continue to highlight the importance of ensuring these technologies are safe and secure.”
The publication, which focuses on cybersecurity practices for small, medium and large healthcare organizations, includes two technical volumes geared for IT and IT security professionals.
The documentation also calls on the C-suite and healthcare practitioners to take protective and preventive measures sooner rather than later. Stakeholders are urged to focus on limiting vulnerabilities in key areas like email, endpoint protection and response, data protection and loss prevention, network management, medical device security and cybersecurity practices.
In recent years, healthcare organizations have incurred higher costs from data breaches than organizations in any other sector, at an average of $408 per lost or stolen record. Costs associated with data breaches in healthcare are nearly three times higher than in other industries. Our free whitepaper, Ransomware – A Growing Menace for Healthcare Providers, discusses the costs associated with data breaches in healthcare and the solutions designed to combat cyber-threats in the health sector.