Just before the new year, the Department of Health and Human Resources (HHS) released voluntary cybersecurity practices for health care organizations, which consists of a main document, two technical volumes, and resources and templates that were compiled by more than 150 cybersecurity and health care experts.

The publication, Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, took two years to complete, and was in response to requirements set forth in the Cybersecurity Act of 2015. The publication, prepared by the Section 405(d) Task Group, “aims to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the sector.”

The guidance is designed to be helpful to organizations of all sizes, and includes technical assistance, as well as practical suggestions on how to address five of the recent risks to the health care industry and 10 cybersecurity practices recommended to mitigate those risks.

The guidance includes: Technical Volume I: Cybersecurity Practices for Small Health Care Organizations, Technical Volume 2: Cybersecurity Practices for Medium and Large Health Care, Resources and Templates, and a Cybersecurity Practices Assessments Toolkit (Appendix E-1).