HICP Transforms Healthcare Cybersecurity Risk Management

Understanding and Applying HICP for Healthcare Risk Management

The publication of the HHS 405(d) Health Industry Cybersecurity Practices (HICP) in 2019 outlines a healthcare-specific approach to cybersecurity. It was developed by the HHS in partnership with organizations across the healthcare industry and is designed to provide “practical, understandable, implementable, industry-led, and consensus-based voluntary cybersecurity guidelines to cost-effectively reduce cybersecurity risks” for “healthcare organizations of varying sizes.” To achieve this, HICP focuses on the five most prevalent cybersecurity threats and ten cybersecurity practices that address those threats. This webinar, featuring healthcare CISOs, explains how to implement HICP and why it’s so important.


Erik Decker, Assistant Vice President – Chief Information Security Officer at Intermountain Healthcare. Co-Lead, a Department of Health and Human Services (HHS) task group of more than 250 industry and government experts across the country for implementing the Cybersecurity Act of 2015, 405D legislation within the Healthcare sector.

Chris Logan, SVP and Chief Security Officer of Censinet. Alumni Board Member, Association for Executives in Healthcare Information Security (AEHIS). Former CISO Care New England Health System.