What is HHS 405(d), and how can it help build cybersecurity readiness?
The HHS 405(d) Program was created as a provision of the Cybersecurity Act of 2015. It’s designed to offer resources and best practices for healthcare organizations and public health agencies to help mitigate and respond to cybersecurity threats.
Joining Healthcare IT News Executive Editor Mike Miliard to talk about 405(d), and the work that went into developing its cornerstone document, are Nick Rodriguez, program manager for 405(d) at the U.S. Department of Health and Human Services; Erik Decker, chief information security officer at Intermountain Healthcare and Eli Fleet, director of government relations at HIMSS.
Talking points:
- A brief background on 405(d) and what it means for healthcare stakeholders
- How the HHS 405(d) Task Group was convened, with 150 individuals from government and the healthcare industry
- Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, or HICP, a cyber preparedness ‘cookbook’ with recipes for readiness
- The top 5 threats to cybersecurity, as described in that report
- How recent legislation is impacting 405(d)
- What healthcare organizations should be doing to avail themselves of these efforts
- Where healthcare security leaders can find vetted cybersecurity practices and other resources for risk mitigation
- How HICP will be evolving in the years ahead
- Why “Cyber Safety is Patient Safety”
- What attendees can learn about cybersecurity at HIMSS22 in Orlando.
More about this episode:
5 key takeaways from Cybersecurity Act of 2015
HHS releases voluntary cybersecurity guidance
Security chief touts the value of HICP, a cyber preparedness ‘cookbook’ with recipes for readiness
HHS launches website for the 405(d) Aligning Health Care Industry Security Approaches Program
There’s no ‘magic bullet’ to enhance cybersecurity, say experts