Building Cybersecurity Awareness for a Healthcare Evolution

Improving the cybersecurity landscape and meeting the ongoing security demands placed on our clients is a priority for eGlobalTech (eGT). Our Cybersecurity Solutions Practice provides end-to-end services to proactively prevent cyber-attacks, by providing innovative solutions to optimize organizational performance and efficiency and build experienced teams to support our clients with their mission needs.

For the past two years, eGT has supported the Department of Health and Human Services (HHS) with adhering to the Cybersecurity Act of 2015 (CSA), Section 405(d), which calls for “Aligning Health Care Industry Security Approaches” by effectively building guiding documents for healthcare organizations of all sizes as it pertains to cybersecurity. The document known as “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP),was developed for both technical and non-technical users within the healthcare industry. Using a threat-based approach, eGT advocated for the development of mitigation practices to protect healthcare stakeholders from cyber-attacks. HHS, in collaboration with its industry partners, saw this method as a benefit for the varying levels of healthcare organizations and focused their efforts on identifying cybersecurity practices that made for easy adoption of basic cyber risk management. These practices would act as a complement to the more technically savvy application mentioned by the National Institute of Standards and Technology (NIST) Cybersecurity Framework guidelines.

Establishment

The CSA 405(d) initiative brought together over 150 healthcare and information security professionals from around the country, both industry and government, to form the CSA 405(d) Task Group. The Task Group deliberated on their approach over multiple working sessions, bringing to the table many techniques and ideas. In the end, through a set of peer reviews and after-action interviews facilitated by eGT, the decision to institute ‘Five Threats and Ten Practices’ into the document was made. This collective, unanimous decision of the Task Group, was a much simpler and easier tactic for healthcare organizations of all sizes to digest. eGT played a critical role in guiding the decision-making for the Task Group and gathering feedback from stakeholders on the publication, making this phase a success.

Publication

Our CSA 405(d) Support Team helped HHS meet the mandated requirements by delivering the HICP publication, establishing an important milestone by promoting awareness, aligning healthcare cybersecurity practices, and moving towards uniformity in how current cybersecurity threats can be mitigated within the healthcare industry. To ensure the future success of HICP, eGT developed tailored outreach engagement activities for HHS to cover their diverse stakeholders. These activities will include a Fireside Chat, a Five Threats Series, and a Conference Roadshow, all focusing on instilling a comprehensive knowledge base on how to manage cybersecurity threats. By building community awareness through these activities, they are designed to springboard the HICP publication into industry notability and recognition.

eGT takes pride in providing services to our clients and recognizes that today’s technology will only work if it is secure. The development of the HICP publication and subsequent outreach is HHS’s first step towards proactive protection of the healthcare industry.

Read the cyber best practices document at https://www.phe.gov/Preparedness/planning/405d/Pages/hic-practices.aspx.

Contact info@eGlobalTech.com to learn more!

 

Copyright 2019 | eGlobalTech | All rights reserved.