New Resources:

Monkeypox Information (Fact Sheet, Infographics, Webinar) | Affordable Connectivity Program Consumer Outreach Toolkit

Resource Details


Health Industry Cybersecurity Practices
Managing Threats and Protecting Patients

Resource Topic: Health Information Technology (HIT)/Data

Resource Subtopic: Privacy and Security.

Year Developed: 2019

Resource Type: Publication.

Primary Audience: Administrative Staff
Secondary Audience: C-Suite (CEOs, CFOs, CIOs, COOs, CMOs, etc)

Language(s): English

Developed by: Health and Human Services (See other resources developed by this organization).

Resource Summary: Cyber threats to healthcare entities put patient health, business continuity, and IT systems at risk. Under the auspices of the Cybersecurity Act of 2015 (CSA), Section 405(d), HHS convened the CSA 405(d) Task Group to enhance cybersecurity and align industry approaches by developing a common set of voluntary, consensus-based, and industry-led guidelines, practices, methodologies, procedures, and processes that healthcare organizations can use to enhance cybersecurity.

Resource Details: Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP) was developed to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the most pertinent cybersecurity threats. The HICP provides guidance on cost-effective methods that a range of healthcare organizations at every size and resource level can use to reduce cybersecurity risks.

This project is supported by the Health Resources and Services Administration (HRSA) of the U.S. Department of Health and Human Services (HHS) as part of an award totaling $6,625,000 with 0 percentage financed with non-governmental sources. The contents are those of the author(s) and do not necessarily represent the official views of, nor an endorsement, by HRSA, HHS, or the U.S. Government. For more information, please visit