New HHS Resource Helps SNFs Increase Cybersecurity

CAST | January 16, 2019 | by Donna Childress

Learn the five biggest threats and 10 best practices for skilled nursing facilities and other providers.

What McKnight's Long-Term Care News calls “the book” to help skilled nursing facilities (SNFs) and other healthcare providers battle the threat of cyber breaches is now available.
The United States Department of Health & Human Services (HHS) released Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients on Dec. 28, 2018. The four-volume publication presents voluntary cybersecurity practices to healthcare organizations of all types and sizes, from local clinics to large hospital systems.
The HICP publication will help you do the following:

  • Discover the five most relevant and current threats to the industry.
  • Learn 10 cybersecurity practices to help mitigate these threats, from email protection systems to checks on the cyber safety of medical devices.
  • Read about real-life events and statistics that demonstrate the impact that cyber incidents have on financials and patient care.
  • Understand the call to action for all industry stakeholders, from C-suite executives and healthcare practitioners to IT security professionals, to take protective and preventive measures now. 

The McKnight's article gave a nod to the LeadingAge Cybersecurity White Paper, released last year, which noted that aging services and the healthcare industry are among the most frequently pursued for cyber-attacks because data stored is often lucrative, and security is typically weak compared to other fields.
The document is intended to answer the prevailing question, “Where do I start and how do I adopt certain cybersecurity practices?” wrote project co-leads Erik C. Decker, Chief Security and Privacy Officer at the University of Chicago Medicine, and Julia Chua, who handles risk management at the Office of Information Security at HHS, in the publication’s foreword.
"We heard loud and clear through this process that providers need actionable and practical advice, tailored to their needs, to manage modern cyber threats,” Decker said in an HHS statement. “That is exactly what this resource delivers; recommendations stratified by the size of the organization, written for both the clinician as well as the IT subject matter expert.”
The publication also includes two technical volumes for IT and IT security professionals:

  • Technical Volume 1 focuses on cybersecurity practices for small healthcare organizations.
  • Technical Volume 2 focuses on practices for medium and large healthcare organizations.
  • Resources and Templates helps organizations assess their own cybersecurity posture and develop policies and procedures. 

A two-year public-private partnership of more than 150 cybersecurity and healthcare experts from industry and the government led to the publication.

For additional information on cybersecurity, please check out the LeadingAge CAST Cybersecurity Resources.