In December of 2018, the U.S. Department of Health and Human Services published a four-part document known as Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients.
The document, known by the acronym HCIP (and pronounced like the reflexive sound one might make after eating too quickly), offers extensive voluntary cybersecurity tips and best practices to help healthcare organizations – whatever size or shape they might be, and wherever they are with their security readiness – some tried-and-true advice and achievable steps to take to improve their posture.
As required by Cybersecurity Act of 2015, section 405(d), HCIP was drafted to help hospitals and medical practices more cost-effectively mitigate their cybersecurity risks. It was a two-year effort, compiled by 150 healthcare and infosec experts, from the public and private sectors.
One of them was Erik Decker, chief security and privacy officer at University of Chicago Medicine, who served as industry co-lead on the project.
“We heard loud and clear through this process that providers need actionable and practical advice, tailored to their needs, to manage modern cyber threats,” Decker…
