© 2020 by Illuminar Consulting, Inc. Proudly created with Wix.com

  • LinkedIn Social Icon
  • Follow us on Twitter

HHS gets it right with new healthcare cybersecurity guidelines

The U.S. Department of Health and Human Services has taken a bold step in applying the 80/20 rule to cybersecurity – and succeeded. On December 28, 2018, HHS released a set of voluntary guidelines for the healthcare sector. As one of the first publications to emerge from the Cybersecurity Act of 2015, the Section 405(d) Task Group has created a suite of free resources to help organizations of all sizes mitigate the top cyber threats.


These guidelines and supporting resources are based on the popular NIST framework. What sets these new guidelines apart from others is the pragmatic approach, clear language and realistic tailoring of controls based on organization size and risk profile. I recently delivered a presentation about the guidelines that you may find useful.