How New Federal Cyber Resources Can Help Healthcare Entities
CISO Erik Decker Shares New HHS Advisory Group Resources at HIMSS Conference
New resources released Monday from a high-profile federal advisory group provide insights into the state of healthcare sector preparedness and best practices for dealing with evolving cyberthreats, according to Erik Decker, CISO of Intermountain Healthcare and co-chair of the task force.
The three new documents include Health Industry Cybersecurity Practices 2023, which is an update of guidance first issued in 2019 by the 405(d) Task Group, an advisory panel to the Department of Health and Human Services. The panel includes more than 150 security experts from the federal government and industry.
"HICP is how we define cyber safety. It is the core cyber hygiene that's necessary for organizations to be adopting," Decker said Monday during the opening day of the 2023 Healthcare Information Management and Systems Society Global Conference and Exhibition in Chicago. The new version of HICP includes several new threats and mitigating practices.
The Department of Health and Human Services' 405(d) Program also released on Monday the Hospital Cyber Resiliency Initiative Landscape Analysis - a report on hospitals' current state of cybersecurity preparedness.
The document provides "a state of play of where things are now and information into how the investment into cyber looks," Decker said. "You can look at that data and benchmark your own organization."
Also released was Knowledge on Demand, a new online educational platform that offers free cybersecurity training courses for health and public health organizations to improve cybersecurity awareness.
Together, the resources represent "how the industry has rallied and stated, 'These are the things we think are important to do as professionals and in working with our government,'" Decker said.
In this interview with Information Security Media Group, Decker also discusses:
- Top findings about the adoption of critical security controls and security best practices among healthcare sector entities - and where improvements are most needed;
- How the new documents fit in with the Biden administration's national cybersecurity strategy;
- Security and privacy considerations of emerging technologies such as generative AI and ChatGPT.
Decker currently co-leads the HHS 405(d) Task Group, which was created to implement the Cybersecurity Act of 2015 405(d) legislation within the healthcare sector. He previously served as CISO and chief privacy officer at the University of Chicago Medicine.