New Healthcare Cybersecurity Framework Implementation Guide Released

The Health Sector Coordinating Council (HSCC) Cybersecurity Working Group and the U.S. Department of Health and Human Services worked together to develop and release the Cybersecurity Framework Implementation Guide. The guide was designed to help public and private healthcare organizations design, implement, and manage cybersecurity programs that align with the NIST Cybersecurity Framework. It provides organizations with specific steps they can take to better protect their data and reduce the risk of being the victim of a cyber incident. The actionable information found in the guide that will help organizations meet NIST standards includes:

  • Risk management principles and best practices
  • Common language to address and manage cybersecurity risk
  • A structure for organizations to understand and apply cybersecurity risk management
  • Effective standards, guidelines, and practices to manage cybersecurity risk cost-effectively based on business needs

The National Institute of Standards and Technology (NIST) and other federal agencies made significant contributions to the guide's content.

The 2018 NIST Framework for Improving Critical Infrastructure Cybersecurity is a risk management model that has become the standard for managing cybersecurity risks in the public and private sectors. The guide released today adapts the 2018 NIST Framework for healthcare entities, better equipping them to implement the security framework using their existing security measures with minimal disruption to their current operations.

“Healthcare cyberattacks are among the fastest growing type of cybercrime, jeopardizing patient care, damaging the integrity of healthcare systems, and threatening the U.S. economy,” said Assistant Secretary for Preparedness and Response Dawn O’Connell. “Healthcare organizations must safeguard their information technology systems to help prevent attacks and create a culture of cyber safety in the healthcare industry.”

The release of the Cybersecurity Framework Implementation Guide comes as cyberattacks in the healthcare sector continue to make headlines. A recent breach involving a Washington, D.C. provider compromised the data of approximately 170,000 people, including some members of Congress. Two hospitals recently had their health information technology systems disrupted due to attacks. In both cases, the hospitals’ medical laboratories had to stop using digital documents and use paper documentation.

CompliancePoint has helped healthcare organizations of all sizes improve their data security. We can guide your organization through HIPAA compliance, HITRUST and NIST certifications, SOC 2 attestations, and more. Reach out to us to learn more.
