HHS Issues Guide to Help Health Care Providers Enhance Cybersecurity
On March 8, 2023, the U.S. Department of Health and Human Services (HHS) released its Cybersecurity Framework Implementation Guide to help health care organizations prevent cybersecurity incidents. Created by HHS's Administration for Strategic Preparedness and Response (ASPR), in partnership with other agencies and private sector entities, the guide offers a roadmap for health care organizations to implement the National Institute of Standards and Technology (NIST) Cybersecurity Framework, including:
- Risk management principles and best practices;
- A common language to address and manage cybersecurity risk;
- A structure for organizations to understand and apply cybersecurity risk management; and
- Effective standards, guidelines, and practices to manage cybersecurity risk cost-effectively based on business needs.
The guide is intended to help organizations to:
- Understand NIST Cybersecurity Framework terminology, concepts, and benefits;
- Assess their current and targeted cybersecurity posture;
- Identify gaps in their current programs and workforce; and
- Identify current practices that help address recommended NIST Cybersecurity Framework outcomes.
Contact: Karen Lipson, klipson@leadingageny.org