
405d Erik Decker Joins Us for Ep 405 

 May 5, 2023

By  Donna Grindle

It’s fitting that for episode 405 we talk with Erik Decker, lead on the HHS 405d Task Group, about the recently released Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP) 2023 edition. Since David and I are also on the 405d task group, we are excited to talk about the new updates and added resources FREELY available to help everyone prepare and fight against cybersecurity threats.



Today’s Episode is brought to you by:

Kardon

and

HIPAA for MSPs with Security First IT

 Subscribe on Apple Podcast. Share us on Social Media. Rate us wherever you find the opportunity. 

Great idea! Share Help Me With HIPAA with one person this week!

Learn about offerings from the Kardon Club

and HIPAA for MSPs!

Thanks to our donors. We appreciate your support!

If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com

Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA

If you see a couple of numbers on the left side you can click that and go directly to that part of the audio. Get the best of both worlds from the show notes to the audio and back!


All things 405d in 2023

[02:46] Erik Decker is the Chairman of the Health Sector Coordinating Council Joint Cybersecurity Working Group and the lead of the 405d Task Group that recently released new updates and resources for the Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP). In his day job, he is the Vice President & Chief Information Security Officer at Intermountain Healthcare.

Baldrige Foundation Announces 2023 Leadership Award Recipients

Erik was also recently awarded the Baldrige Foundation Award for Leadership Excellence in Cybersecurity. Congratulations, Erik! Well deserved!

[10:58] HICP 2023

  • Made incremental updates and changes to the phishing threat. It is now called social engineering and includes various types of social engineering threats.
  • Overall, not much has changed with the practices themselves, which shows that good cyber hygiene is pretty persistent.
  • Network Connected Medical Devices (Practice #9) had a pretty significant rewrite with a lot more in-depth discussion and guidance on how to go about actually achieving some of those practices.
  • Cybersecurity Policies (Practice #10) is now called Cybersecurity Oversight and Governance. There’s risk assessment, policies and cyber insurance guidance in there now. It provides guidance on how to actually go about trying to achieve that.
  • [17:13] Hospital Resiliency Landscape Analysis. This analysis was an effort driven by the sector and government trying to diagnose what the problem set is for hospitals specifically in the United States. The analysis covered not only data security issues but also the damage that can be done to the operational resiliency of a hospital. Now, HHS is going to take that and figure out what they can do within their authorities and remits to incentivize and stimulate this area of healthcare to make some significant updates and changes.
  • [39:13] 405d Knowledge on Demand. A series of packaged content that anyone can take and deploy in their organizations, including:
    • Interactive videos that include audio, knowledge checks and animations.
    • SCORM content that can be downloaded and imported into a Learning Management System (LMS) that has a similar look and experience as the interactive videos.
    • Job aids, which are single documents with key tips related to the 5 HICP cybersecurity threats.
    • PowerPoint presentations that can be used for in-person or on-site presentations. These also include presenter notes and knowledge checks to reinforce learning.
  • Side Bar: the Health Sector Coordinating Council has also released a free Cybersecurity Training Video Series for clinicians, professionals and students. These are professional videos for clinicians, made by clinicians, and you can receive CME and CEU credit for them. They are also available to download in SCORM format for importing into an LMS.
  • Other resources in the works are:
    • A publication on cybersecurity as a component of enterprise risk management discussing how to connect cyber as enterprise risk and not just technical cyber risk.
    • A publication, called OCCI, that will essentially cover the first 24 hours of a large-scale event. How to actually pull your emergency management team and response teams together and what that structure looks like… geared towards business continuity because of a cyber event.
    • And a large full scale incident response plan for cyber events and disruptions.
[45:40] The fun doesn’t stop there. The Health Sector Coordinating Council Joint Cybersecurity Working Group, which is inclusive of the 405d Task Group, will be working on a 5-year plan to keep the momentum going. The plan will potentially look at things like hospitals at home, how AI fits in with healthcare, what other new startups and economic inserts will be a part of the healthcare space, building new products and all sorts of things to help advise and direct organizations to combat cybersecurity threats.

[49:26] For anybody who is an owner and operator of critical infrastructure and health care, you have an open invitation to join this group. Please join this group. You need to represent your constituents and your stake in critical infrastructure in our national health care system. Check out the Health Sector Council – Cybersecurity Working Group webpage and also the 405d Task Group, which is the biggest task group in the Cyber Working Group. Connect with us, join the team, and be a part of this movement.

We want folks to stay involved and stay engaged, and we definitely need the help, particularly in the small and medium market. We need folks that work in the offices to be part of this. Regardless of the size of your organization, it is really about having a voice at the table, because we need more of that. So, please consider volunteering your time to assist in the development of making cybersecurity changes in healthcare.

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps; we need your help to keep spreading the word. As always, send in your questions and ideas!

HIPAA is not about compliance, it’s about patient care.™

Special thanks to our sponsors Security First IT and Kardon.
