Healthcare 015 Featured Image

HHS Publishes New Cybersecurity Resources

HHS Cybersecurity Resources

The U.S. Department of Health and Human Services (HHS) Office of Information Security recently published new cybersecurity resources with the goal of mitigating common cybersecurity threats in the health care sector.

HHS Resources

Webinars: These are spotlighted periodically and noticed to subscribers. The next webinar spotlights Health Industry Cybersecurity Practices 2023 changes as it relates to Hospital Cyber Resiliency.

Health Industry Cybersecurity Practice (HICP) and Technical Guides: These provide pointed cybersecurity guidance specific to the size of an organization. HHS also included two volumes for technical guidance.

Knowledge on Demand: A free resource which provides quality cybersecurity education training. With increasing cybersecurity scrutiny by HHS, proof of workforce training can make a world of differences in the department’s breach investigation. Interactive videos, PowerPoints, and learning guides that can easily integrate into an organization’s system are a few examples. Topics covered stem from 1) social engineering, 2) ransomware, 3) loss or theft of equipment or data, 4) accidental, intentional, or malicious data loss; and 5) attacks against network connected medical devices.

Announcements: HHS is now issuing news releases that are sent to subscribers and posted to the website for historical viewing with ease.

Newsletters: HHS is now issuing bi-monthly newsletters to provide updates on new and emerging cybersecurity threats and technologies by highlighting the use of the HICP publication, how its Task Group members have used it in practical situations, and to share news of upcoming cybersecurity and U.S. Department of Health and Human Services events.

Resource Library: Encapsulates all updates in easy to review and share guides with highlights. A recent update provides a summary of technical updates available in the guides.

The health care sector has always been a target of cyber-related events. With the sharp increase in the number of cyber-events in recent years, the health care sector continues to take blows. HHS’ 405(d) Program hopes to provide practical and effective tools to bolster both cybersecurity awareness and the collective cybersecurity posture of the health care industry. 


HHS’ commitment to providing organizations with the information and implementation guidance it requires is worth the applause. The health care industry will likely not see much reprieve in the regulation sector; however, guides and resources surely help compliance palatable, possible, and easier.

Our team recommends organizations use these resources to document cybersecurity training, identify and remediate any existing cybersecurity gaps, and stay up to date with industry changes and issues.

For additional tips, see an article published on April 10, 2023, in Part B News, where Tampa Of Counsel Jade Davis shares her insight and expertise on the Health Care and Public Health Sector Cybersecurity Framework Implementation Guide 2.0, from HHS’ Administration for Strategic Preparedness (ASPR), its impact on the industry, and how compliance could impact cybersecurity insurance.

Subscribers can read the full article on the Part B News website.


This material is provided for informational purposes only. It is not intended to constitute legal advice nor does it create a client-lawyer relationship between Hall Booth Smith, P.C. and any recipient. Recipients should consult with counsel before taking any actions based on the information contained within this material. This material may be considered attorney advertising in some jurisdictions. Prior results do not guarantee a similar outcome.

Leave a comment