HITEQ Health Center Cybersecurity Defender Against the Dark Web

Health Centers are being inundated by an unprecedented surge in cybersecurity incidents that are having detrimental effects on healthcare worldwide. New, sophisticated threats seem to appear on a daily basis. Most importantly, these threats are primarily being targeted and spread through end users (vs health IT systems) through social engineering and phishing attack methods. 

Healthcare cybersecurity is the ultimate team sport. The responsibility goes beyond the IT staff and includes front and back office staff, doctors and nurses, patients, executives, and the board of directors. These resources are directed at all levels of the healthcare organization so that they may be proactive and aware and help to defend Health Centers against the Dark Web.

Take some time to read through some of the articles on this page and then fill out the submission form on the right and you will be rewarded with a Health Center Defender Against the Dark Web badge! This is an official badge that is submitted by the HITEQ Center as a proof of completion to the blockchain. Your credentials can be added to profiles such as LinkedIn and verified through accreditation services such as Accredible and Open Badge.

 

Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients

28746
HITEQ Center post on
| Categories: Privacy and Security, Privacy & Security Best Practices, HIPAA, Security Risk Analysis, Breach Mitigation & Response
Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients

A publication of the Cybersecurity Act of 2015, Section 405(d) Task Group

The HIPAA Security Rule establishes the requirements for protection of electronic patient health information. The safeguards identified are made up of three domains that include administrative, physical, and technical safeguards that need to be addressed. The technical safeguards as defined within 45 CFR §164.312 of the HIPAA Security Rule can be some of the most difficult to comprehend and implement for smaller Health Centers with lower levels of IT and security staffing. Resources and tools that help Health Centers better process and implement these security requirements are much needed and require well-documented methods for planning and maintaining critical security controls.

Toward this objective, in 2017, HHS established the CSA 405(d) Task Group, which leveraged the Healthcare and Public Health (HPH) Sector Critical Infrastructure Security and Resilience Public-Private Partnership and was made up of over 100 participants and experts across domains that include cybersecurity, privacy, healthcare practitioners, and Health IT organizations.

In December of 2018 this task force published the Health Industry Cyber Preparedness (HICP) document, which is a cyber-preparedness “cookbook” designed to assist small providers in prioritizing cybersecurity threats and implementing controls to address them. 

The publication includes a main document, two technical volumes, and a set of resources and templates that include:

Documents to download

Resource Links

  • A link to the Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients resourcesHealth Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP), the primary publication of the Cybersecurity Act of 2015, Section 405(d) Task Group, aims to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the sector. It seeks to aid healthcare and public health organizations to develop meaningful cybersecurity objectives and outcomes.
Tags: SRAHIPAAOCRcybersecuritySecurity RuleHICPCybersecurity Act of 2015breach protectionHHS 405(d)
Print
Intended AudienceCIO, CSO, CISO, Health Center Leadership, Security Staff

Related Resources

Health Center Defender Against the Dark Web Badge Confirmation