Skip to main content

HHS launches website for the 405(d) Aligning Health Care Industry Security Approaches Program

The U.S. Department of Health and Human Services (HHS) through the Office of Chief Information Officer (OCIO) and Office of Information Security (OIS) launched a website for the HHS 405(d) Aligning Health Care Industry Security Approaches Program. The HHS 405(d) Program website was developed in partnership with the HHS 405(d) Task Group which includes more than 150 individuals from industry and the federal government who have tirelessly collaborated and provided their insights because they believe there is only one way to fight cybersecurity threats- together.  Through this new website, the 405(d) Program supports the motto that Cyber Safety is Patient Safety and provides the Healthcare and Public Health (HPH) sector with useful, impactful, and vetted resources, products, videos, and tools that help raise awareness and provide cybersecurity practices, which drive behavioral change and move toward consistency in mitigating the most relevant cybersecurity threats to the sector.

“The new 405(d) Program website is a step forward for HHS to help build cybersecurity resiliency across the Healthcare and Public Health Sector. This is also an exciting moment for the HHS Office of the Chief Information Officer in our ongoing partnership with industry,” said Christopher Bollerer, HHS Acting Chief Information Security Officer.

The HHS 405(d) Program was established in response to the Cybersecurity Act of 2015. Under section 405(d), HHS convened the CSA 405(d) Task Group to enhance cybersecurity and align industry approaches by developing a common set of voluntary, consensus-based, and industry-led cybersecurity guidelines, practices, methodologies, procedures, and processes that healthcare organizations can use. These are available in the program’s cornerstone publication Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP).

“This website is the first of its kind! It’s a unique space where the healthcare industry can access vetted cybersecurity practices specific to the HPH sector on a federal government website. I think it’s a great resource for the HPH sector to turn to and will surely be a go-to site for organizations that want to better protect their patients and facilities from the latest cybersecurity threats,” said Erik Decker, 405(d) Task Group Industry co-lead.

In addition to the HICP publication, the website also features healthcare-focused resources such as cybersecurity posters and infographics, installments of the bi-monthly 405(d) Post newsletter, 405(d) Spotlight Webinar recordings, and threat-specific products to support cybersecurity awareness and training efforts.  The new 405(d) website establishes a single 405(d) Program platform for the entire HPH sector to turn to for HPH focused cybersecurity resources provided by this public-private partnership initiative.  Moving forward, the website will be the home for all new products produced by the 405(d) Task Group and all information, events, and tools released by the 405(d) Program.