Censinet Delivers Comprehensive Support for New HHS Cybersecurity Performance Goals, Accelerates Coverage and Compliance

Post Summary
The HPH CPGs are voluntary cybersecurity guidelines released by HHS to help healthcare organizations strengthen cyber resiliency and protect patient safety.
Censinet provides tools like enterprise assessments, automated guidance, and real-time dashboards to help healthcare organizations achieve full compliance with the HPH CPGs.
The 10 Essential CPGs focus on foundational cybersecurity practices, while the 10 Enhanced CPGs address advanced practices to improve cyber maturity and resiliency.
Censinet RiskOps™ includes automated assessments, evidence capture, risk registers, real-time dashboards, and audit-ready reporting to streamline compliance efforts.
The HPH CPGs address common cyberattack vectors and provide actionable practices to protect patient care and strengthen cybersecurity across the healthcare sector.
Visit Censinet’s website or email info@censinet.com for more information.
Purpose-Built for Healthcare, Censinet Accelerates Coverage and Compliance Across All CPGs; Maximizes Speed to Identify, Assess, and Mitigate Third-Party Risks
BOSTON, MA – JANUARY 25, 2024 – Censinet, the leading provider of healthcare risk management solutions, today announced delivery of comprehensive support for healthcare organizations to assess, manage, and improve coverage and compliance for the full set of Healthcare and Public Health Sector Cybersecurity Performance Goals (HPH CPGs), released yesterday by the U.S. Department of Health and Human Services (HHS). In the release, HHS provided 10 Essential and 10 Enhanced voluntary HPH CPGs to help healthcare organizations “prioritize implementation of high-impact cybersecurity practices”, strengthen industry cyber resiliency, and protect patient safety from escalating cyber threats.
“Censinet applauds HHS for releasing the HPH Cybersecurity Performance Goals to help accelerate our industry’s path toward stronger cyber maturity and resiliency,” said Ed Gaudet, CEO and Founder of Censinet. “Censinet is ready to deliver comprehensive support to all healthcare organizations to assess, improve, and demonstrate overall HPH CPG coverage, and implement many of the specific third-party risk and incident response-related CPGs.”
Censinet and leading healthcare cybersecurity experts, including Erik Decker, Chief Information Security Officer, Intermountain Health, and John Riggi, National Advisor for Cybersecurity and Risk, American Hospital Association, will host a webinar on February 21 at 11am ET to discuss the new HPH CPGs, the implications for healthcare organizations, recommendations for adoption, and the potential regulatory timeline.
“Today’s release is exemplary of the public-private partnership at work,” said Erik Decker, Chairman of the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group. “These CPGs leverage five years of work with the release of HICP and offer clarity and direction to our industry on key and necessary cybersecurity practices.”
The HPH CPGs are based on the Cybersecurity and Infrastructure Security Agency (CISA) Cross-Sector CPGs, NIST Cybersecurity Framework (CSF), Health Industry Cybersecurity Practices (HICP), and other cybersecurity best practices, frameworks, and guidelines. Per the release, the HPH CPGs “directly address common attack vectors against U.S. domestic hospitals as identified in the 2023 Hospital Cyber Resiliency Landscape Analysis.” The 10 Essential HPH CPGs are “foundational practices” enabling healthcare organizations to better protect and respond to cyberattacks, while the 10 Enhanced CPGs are “advanced practices” to drive greater cybersecurity maturity and resiliency.
“Censinet gives our organization a significant headstart on maintaining compliance with these new HHS Cybersecurity Performance Goals,” said Aaron Miri, SVP and Chief Digital & Information Officer at Baptist Health. “With its unique automation and capabilities purpose-built for healthcare, Censinet helps make it achievable for health systems to meet the requirements of the CPGs.”
“The HHS Cybersecurity Performance Goals represent a pivotal moment for healthcare in protecting patient care from cyber threats,” said Joel Vengco, SVP and Chief Information & Digital Officer at Hartford HealthCare. “Censinet will greatly simplify our efforts to demonstrate ongoing compliance with these important new standards.”
Purpose-built for healthcare, Censinet RiskOps™ accelerates healthcare organizations’ efforts to assess, manage, and maintain full coverage and compliance for all 10 Essential and 10 Enhanced HPH CPGs, including:
- HPH CPG enterprise assessments with evidence capture to assess and improve organization-wide coverage levels for all 10 Essential and 10 Enhanced HPH CPGs
- Ability to leverage completed NIST Cybersecurity Framework (CSF) or Health Industry Cybersecurity Practices (HICP) enterprise assessments – including those submitted for the 2024 Healthcare Cybersecurity Benchmarking Study – to rapidly complete HPH CPG enterprise assessments
- Automated, actionable guidance and trackable tasks to identify and close gaps in HPH CPG coverage
- Risk Register to manage open risk items across all third party- and enterprise risk-related HPH CPGs
- Censinet RiskOps Dashboard with real-time HPH CPG coverage levels, trend reports, trackable task status, benchmarks, and Board-ready graphics
- Audit-ready reporting to demonstrate coverage and compliance to the Board and regulators
In addition, Censinet RiskOps enables healthcare organizations to implement comprehensive solutions for third-party and incident response-related HPH CPGs, including the Essential CPG “Vendor/Supplier Cybersecurity Requirements” and the Enhanced CPGs “Third Party Vulnerability Disclosure” and “Third Party Incident Reporting.”
To learn more about the HPH CPGs and how Censinet can help your organization assess, manage, and maintain full coverage and compliance, please email info@censinet.com.
To schedule a conversation with Chris Logan, Chief Security Officer at Censinet, to discuss how the HPH CPGs might affect your organization – including the impact on cybersecurity & risk management processes, investment planning, resource allocation, and Board governance – please email info@censinet.com.
About Censinet
Censinet®, based in Boston, MA, takes the risk out of healthcare with Censinet RiskOps, the industry’s first and only cloud-based risk exchange of healthcare organizations working together to manage and mitigate cyber risk. Purpose-built for healthcare, Censinet RiskOps™ delivers total automation across all third party and enterprise risk management workflows and best practices. Censinet transforms cyber risk management by leveraging network scale and efficiencies, providing actionable insight, and improving overall operational effectiveness while eliminating risks to patient safety, data, and care delivery. Censinet is an American Hospital Association (AHA) Preferred Cybersecurity Provider. Find out more about Censinet and its RiskOps platform at censinet.com.
# # #
Contacts:
Censinet
Briana McGann
(781) 328-4118
Key Points:
What are the HHS Cybersecurity Performance Goals (HPH CPGs)?
The HPH CPGs are voluntary cybersecurity guidelines released by the U.S. Department of Health and Human Services (HHS) to help healthcare organizations:
- Strengthen cyber resiliency.
- Protect patient safety from escalating cyber threats.
- Prioritize high-impact cybersecurity practices.
The HPH CPGs include 10 Essential CPGs (foundational practices) and 10 Enhanced CPGs (advanced practices) to improve cybersecurity maturity.
How does Censinet support healthcare organizations in meeting the HPH CPGs?
Censinet provides comprehensive tools and services to help healthcare organizations:
- Assess compliance: Conduct enterprise assessments for all 10 Essential and 10 Enhanced CPGs.
- Close gaps: Use automated guidance and trackable tasks to address compliance gaps.
- Monitor risks: Manage third-party and enterprise risks with real-time dashboards and risk registers.
- Demonstrate compliance: Generate audit-ready reports for Boards and regulators.
What are the 10 Essential and 10 Enhanced HPH CPGs?
- Essential CPGs: Foundational practices that enable healthcare organizations to better protect and respond to cyberattacks.
- Enhanced CPGs: Advanced practices that drive greater cybersecurity maturity and resiliency.
Examples include third-party vulnerability disclosure, incident reporting, and vendor cybersecurity requirements.
What features does Censinet RiskOps™ offer for HPH CPG compliance?
Censinet RiskOps™ includes:
- Enterprise Assessments: Evaluate organization-wide compliance with HPH CPGs.
- Evidence Capture: Centralize documentation to support compliance efforts.
- Automated Guidance: Identify and close gaps in compliance with actionable recommendations.
- Risk Register: Track open risk items across third-party and enterprise risks.
- Real-Time Dashboards: Monitor compliance levels, trends, and task progress.
- Audit-Ready Reporting: Demonstrate compliance to Boards and regulators.
Why are the HPH CPGs important for healthcare organizations?
The HPH CPGs:
- Address common cyberattack vectors identified in the 2023 Hospital Cyber Resiliency Landscape Analysis.
- Provide actionable practices to protect patient care and strengthen cybersecurity.
- Help healthcare organizations align with frameworks like NIST CSF and HICP.
Where can I learn more about Censinet’s support for the HPH CPGs?
Visit Censinet’s website or email info@censinet.com to learn more about how Censinet can help your organization achieve HPH CPG compliance.