The Health Sector Coordinating Council (HSCC), in partnership with the U.S. Department of Health and Human Services, is pleased to announce the release of the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication. The four-volume publication seeks to raise awareness for executives, health care practitioners, providers, and health delivery organizations, such as hospitals. It is applicable to health organizations of all types and sizes across the industry.

Co-chaired by University of Chicago Medical Center CISO and HSCC CWG Executive Committee Member Erik Decker, and Julie Chua from HHS Office of the CIO, this industry-led effort – Task Group 1F – was in response to a mandate of the Cybersecurity Act of 2015 Section 405(d), to develop practical cybersecurity guidelines to cost-effectively reduce cybersecurity risks for the healthcare industry. The publication marks the culmination of a two-year effort that brought together more than 150 cybersecurity and healthcare experts from industry and the government. The consensus-based document was developed and released under the auspices of the HSCC Joint Cybersecurity Working Group, a public-private partnership to enhance healthcare and public health cyber and critical infrastructure security and resilience.

The publication consists of four volumes:

  1. The Main documentof the publication explores the five most relevant and current threats to the industry and recommends 10 Cybersecurity Practices to help mitigate these threats.
  2. Technical Volume 1discusses these 10 cybersecurity practices for small healthcare organizations. It is intended for IT and IT security professionals.
  3. Technical Volume 2discusses these 10 cybersecurity practices for medium and large healthcare organizations. It is intended for IT and IT security professionals
  4. Resources and Templatesprovide additional resources and materials that organizations can leverage to develop policies and procedures as well as assess their own cybersecurity posture, through a Cybersecurity Practices Assessment Toolkit.

For more information on this effort, please visit, or