On Dec. 1, the U.S. Department of Health and Human Services (HHS) through the Office of Chief Information Officer (OCIO) and Office of Information Security (OIS) announced via a press release the launch of a website for the HHS 405(d) Aligning Health Care Industry Security Approaches Program.
The release states that “The HHS 405(d) Program website was developed in partnership with the HHS 405(d) Task Group which includes more than 150 individuals from industry and the federal government who have tirelessly collaborated and provided their insights because they believe there is only one way to fight cybersecurity threats- together. Through this new website, the 405(d) Program supports the motto that Cyber Safety is Patient Safety and provides the Healthcare and Public Health (HPH) sector with useful, impactful, and vetted resources, products, videos, and tools that help raise awareness and provide cybersecurity practices, which drive behavioral change and move toward consistency in mitigating the most relevant cybersecurity threats to the sector.”
That said, “The HHS 405(d) Program was established in response to the Cybersecurity Act of 2015. Under section 405(d), HHS convened the CSA 405(d) Task Group to enhance cybersecurity and align industry approaches by developing a common set of voluntary, consensus-based, and industry-led cybersecurity guidelines, practices, methodologies, procedures, and processes that healthcare organizations can use. These are available in the program’s cornerstone publication Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP).”
Christopher Bollerer, HHS acting CISO was quoted in the release saying that “The new 405(d) Program website is a step forward for HHS to help build cybersecurity resiliency across the Healthcare and Public Health Sector. This is also an exciting moment for the HHS Office of the Chief Information Officer in our ongoing partnership with industry.”
The release explains that in addition to the HICP publication, the website also features healthcare-focused resources like cybersecurity posters and infographics, installments of the bi-monthly 405(d) Post newsletter, 405(d) Spotlight Webinar recordings, and threat-specific products to support cybersecurity awareness and training efforts.
“The new 405(d) website establishes a single 405(d) Program platform for the entire HPH sector to turn to for HPH focused cybersecurity resources provided by this public-private partnership initiative,” the release continues. “Moving forward, the 405d.hhs.gov website will be the home for all new products produced by the 405(d) Task Group and all information, events, and tools released by the 405(d) Program.”
