Censinet Delivers Support for Updated 2023 Edition of Health Industry Cybersecurity Practices (HICP)
Censinet RiskOps™ for HICP Incorporates Updated Threats, Practices, and Sub-Practices Published in HHS 405(d) Health Industry Cybersecurity Practices, 2023 Edition
CHICAGO, IL – HIMSS 2023 CONFERENCE – APRIL 19, 2023 – Censinet, the leading provider of healthcare risk management solutions, announced today support for the 2023 Edition of the HHS 405(d) Health Industry Cybersecurity Practices (HICP 2023), available through Censinet RiskOpsTM for HICP at no charge. Recently updated and published by the 405(d) Task Group, a public-private sector collaboration under the U.S. Department of Health and Human Services, and the Health Sector Coordinating Council Cybersecurity Working Group (HSCC CWG), HICP 2023 updates the top 5 cybersecurity threats and the top 10 best practices to mitigate these cyber threats, including recommended sub-practices tailored to small, medium, and large healthcare organizations.
“Reflecting an ever-evolving and increasingly malicious threat landscape, the 405(d) Task Group is proud to publish the HICP 2023 Edition,” said Erik Decker, Chief Information Security Officer at Intermountain Health and 405(d) Task Group Lead and Chairman of the HSCC CWG. “With HICP 2023 available, and organizations like Censinet loading this publication into their platform, we hope to accelerate diffusion and implementation of these effective, actionable, and relevant best practices to protect patient safety from cyber threats.”
Delivered as Censinet RiskOpsTM for HICP, the solution streamlines implementation and coverage of the HICP 2023 updated practices and sub-practices through total automation of all HICP workflows, benchmarking, and reporting, including:
- Enterprise self-assessment mapped to HICP 2023 and aligned to organizational size
- Automated Action Plan generation with Censinet finding and remediation tracking
- Evidence upload and documentation capture for centralized view and audit readiness
- Peer Benchmarking across HICP 2023 Edition updated practices and sub-practices
- Automated summary risk reporting for the Board, cyber insurers, and/or HHS Office for Civil Rights (OCR) audit support under Public Law 116-321
“Censinet is committed to delivering no-cost support for HICP 2023 to organizations regardless of size, stature, or resources,” said Ed Gaudet, CEO and Founder of Censinet. “The 405(d) Task Group continues to keep HICP updated and relevant as the cyber threat landscape evolves and Censinet RiskOps for HICP includes support for HICP 2023 to deliver an easy, affordable, and right-sized approach to improve cyber hygiene and protect patient safety and care.”
The publication of the HHS 405(d) Health Industry Cybersecurity Practices (HICP) in 2019 outlined, for the first time, a healthcare-specific approach to cybersecurity. Created in partnership with public and private organizations across the healthcare industry, HICP provides “practical, understandable, implementable, industry-led, and consensus-based voluntary cybersecurity guidelines to cost-effectively reduce cybersecurity risks” for “health care organizations of varying sizes.” To achieve this, HICP focuses on the five most prevalent cybersecurity threats and the ten best practice areas that mitigate those threats. Key updates from 2019 in the HICP 2023 Edition include:
- “Email Phishing” threat is now called “Social Engineering” threat
- “Attack Simulations” is added to Cybersecurity Practice #7: Vulnerability Management
- Cybersecurity Practice #9: Medical Device Security has a number of expanded sub-practices and guidance for medium and large organizations, including: unique IoT considerations, risk mitigation goals for medical devices, Security Orchestration and Automated Response (SOAR), and Software Bill of Materials (SBOM)
- Cybersecurity Practice #10 is now called “Cybersecurity Oversight and Governances”, and includes new sub-practices for Cyber Insurance and Cybersecurity Risk Assessment and Management
Full HICP 2023 Edition documentation can be found at 405d.hhs.gov.
To access Censinet RiskOps for HICP, including all HICP 2023 updates, contact email@example.com. Censinet representatives will be discussing and demoing Censinet RiskOps for HICP at HIMSS 2023. To connect with a Censinet team member at HIMSS 2023, please send an email to firstname.lastname@example.org or visit Censinet in the Cybersecurity Command Center #4309-39.
Censinet®, based in Boston, MA, takes the risk out of healthcare with Censinet RiskOps, the industry’s first and only cloud-based risk exchange of healthcare organizations working together to manage and mitigate cyber risk. Purpose-built for healthcare, Censinet RiskOpsTM delivers total automation across all third party and enterprise risk management workflows and best practices. Censinet transforms cyber risk management by leveraging network scale and efficiencies, providing actionable insight, and improving overall operational effectiveness while eliminating risks to patient safety, data, and care delivery. Censinet is an American Hospital Association (AHA) Preferred Cybersecurity Provider. Find out more about Censinet and its RiskOps platform at censinet.com.
# # #