Health Industry Cybersecurity Practices Publication – Peer Reviews Needed
Call for Peer Reviews
Health-ISAC members may be interested in helping to review the update to the Health Industry Cybersecurity Practices (HICP) publication.
Background
In 2017 HHS and Industry convened under the direction of Section 405(d) of the Cybersecurity Act of 2015 to develop guidance for improving cybersecurity practices in the healthcare sector. A task group of more than 250 volunteers was formed, and in 2018 became a formal task group of the Health Sector Coordinating Council (HSCC) Joint Cybersecurity Working Group. This task group has been co-chaired by Erik Decker, CISO for Intermountain Healthcare, and Julie Chua, Director of Governance Risk and Compliance in the HHS Office of the CIO. The 405(d) Task Group worked diligently for 18 months to produce the HICP publication.
The 405(d) Task Group continues its charge and has provided a draft version 2 update of HICP. As we did in the first release, we would like this draft version to be peer reviewed across industry and across the country. This is where you come in. HHS is looking to form several ‘virtual focus groups’ to review the latest HICP draft and provide critical feedback. They are looking to break these focus groups into two sections: clinical and administrative staff, and IT and cyber staff.
Today’s ask
The recruitment flyer below contains details on how members can participate. Focus groups will be organized between September 20 and October 1.
- Related Resources & News
- Cyber Threat Alliance Publishes 2025 Cybersecurity in the Age of AI
- AI, Ransomware, and Medical Devices: Safeguarding Healthcare
- Securing Health Data in 2025: The Rising Cybersecurity Challenges
- Software Supply Chains and ISACs – The Inevitability Curve Podcast EP14
- Health-ISAC Hacking Healthcare 1-17-2025
- New HIPAA Cybersecurity Rules Pull No Punches
- What’s in HHS’ Proposed HIPAA Security Rule Overhaul?
- Cyber Threats Know No Borders
- Health-ISAC Hacking Healthcare 1-10-2025
- Google’s rural healthcare cybersecurity initiative