Information Security News mailing list archives
Security chief touts the value of HICP, a cyber preparedness 'cookbook' with recipes for readiness
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 22 Nov 2019 10:45:59 +0000 (UTC)
https://www.healthcareitnews.com/news/security-chief-touts-value-hicp-cyber-preparedness-cookbook-recipes-readiness By Mike Miliard Healthcare IT News November 20, 2019In December of 2018, the U.S. Department of Health and Human Services published a four-part document known as Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients.
The document, known by the acronym HICP (and pronounced like the reflexive sound one might make after eating too quickly), offers extensive voluntary cybersecurity tips and best practices to help healthcare organizations – whatever size or shape they might be, and wherever they are with their security readiness – some tried-and-true advice and achievable steps to take to improve their posture.
As required by Cybersecurity Act of 2015, section 405(d), HICP was drafted to help hospitals and medical practices more cost-effectively mitigate their cybersecurity risks. It was a two-year effort, compiled by 150 healthcare and infosec experts, from the public and private sectors.
One of them was Erik Decker, chief security and privacy officer at University of Chicago Medicine, who served as industry co-lead on the project.
"We heard loud and clear through this process that providers need actionable and practical advice, tailored to their needs, to manage modern cyber threats," Decker explained upon HICP's publication in 2018. "That is exactly what this resource delivers; recommendations stratified by the size of the organization, written for both the clinician as well as the IT subject matter expert."
[...]
-- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- Security chief touts the value of HICP, a cyber preparedness 'cookbook' with recipes for readiness InfoSec News (Nov 22)