HHS Releases Voluntary Cybersecurity Practices for Health Industry

NextGov.com reports that the Department of Health and Human Services (HHS) has released "Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients," a four-volume publication containing voluntary cybersecurity practices to healthcare organizations ranging in size from major hospital systems to local clinics. "Health Industry Cybersecurity Practices" is the result of a two-year public-private partnership between HHS and healthcare industry professionals. According to a media release from HHS, more than 150 cybersecurity and healthcare experts took part in the effort, which was mandated through the Cybersecurity Act of 2015. "Cybersecurity is ... the responsibility of every organization working in healthcare and public health," Janet Vogel, HHS Acting Chief Information Security Officer wrote in a statement. "In all of our efforts, we must recognize and leverage the value of partnerships among government and industry stakeholders to tackle the shared problems collaboratively." The guidance is a mixture of common sense practices and highly technical solutions applicable to a broad array of healthcare facilities.