The U.S. Department of Health and Human Services has taken a bold step in applying the 80/20 rule to cybersecurity – and succeeded. On December 28, 2018, HHS released a set of voluntary guidelines for the healthcare sector. In one of the first publications to emerge from the Cybersecurity Act of 2015, the Section 405(d) Task Group has created a suite of free resources to help organizations of all sizes mitigate the top cyber threats.
These guidelines and supporting resources are based on the popular NIST framework. What sets these new guidelines apart from others is the pragmatic approach, clear language and realistic tailoring of controls based on organization size and risk profile. I recently delivered a presentation about the guidelines that you may find useful.