The Department of Health and Human Services has launched a new website designed to align HHS cybersecurity guidance across the healthcare spectrum and facilitate the exchange of best practices and information.

Collaboration is Key to HHS Cybersecurity Guidance


Launched in December 2021, the website reflects the collaborative effort between the agency and the private sector that has emerged since the agency established the 405(d) Aligning Health Care Industry Security Approaches Program and the 405(d) Task Group.

The 405(d) Task Group comprises more than 150 industry and government experts who provide insight and ideas that can benefit the entire healthcare cybersecurity space. The website’s stated goal is to promote collaboration, “which aims to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the sector.”


What to Look for in HHS Cybersecurity Guidance

The website acts as a clearinghouse for documents and videos outlining best practices, top threats facing the healthcare sector, stakeholder roles and responsibilities, and enterprise security risk management. The site will be updated with all future 405(d) content developed by the task group and HHS, including newsletters, videos, and awareness products.

Increased Threats Drive HHS Cybersecurity Guidance

This effort comes as the threat of cybercrimes continues to increase in the healthcare sector. A report issued by IBM Security in December 2021 found the average cost of healthcare breaches had soared to $9.3 million per occurrence, a 29.5 percent increase over 2020’s average of $7.13 million.

Another report last year found that 42 percent of healthcare organizations did not have an incident response plan for cyberattacks. Failing to have an incident response plan is a clear violation of the HIPAA Security Rule and a fast track to substantial fines.