Skip Ribbon Commands
Skip to main content
Skip over global navigation links
U.S. Department of Health and Human Services

Aligning Health Care Industry Security Approaches

Cybersecurity Act of 2015, Section 405(d)

Cyber threats to healthcare entities put patient health, business continuity, and IT systems at risk. Under the auspices of the Cybersecurity Act of 2015 (CSA), Section 405(d), HHS convened the CSA 405(d) Task Group to enhance cybersecurity and align industry approaches by developing a common set of voluntary, consensus-based, and industry-led guidelines, practices, methodologies, procedures, and processes that healthcare organizations can use to enhance cybersecurity.

Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP) was developed to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the most pertinent cybersecurity threats. The HICP provides guidance on cost-effective methods that a range of healthcare organizations at every size and resource level can use to reduce cybersecurity risks.




Planned Town Halls

  • North Carolina Health and Human Services Raleigh, NC: January 22,2020
  • Greater New York Hospitals Association NYC: January 30, 2020
  • This page last reviewed: October 24, 2019