Skip to main content
U.S. flag
An official website of the United States government

Cybersecurity Act of 2015 (CSA)

The 405(d) Program develops consensus-based best practices and methodologies to strengthen the Healthcare & Public Health (HPH) sector’s cybersecurity posture against cyber threats. Through partnerships between government and industry, the program has released TWO vetted landmark publications for the sector to utilize in their cybersecurity defense. The 405(d) Program and Task Group actively continues to develop new products to help further strengthen our sector.

Health Industry Cybersecurity Practices
Operational Continuity - Cyber Incident
Hospital Cyber Resiliency Initiative
Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP 2023 Edition)

Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP 2023 Edition) outlines the top threats facing the HPH Sector. Developed with every stakeholder in mind, organizations ranging in size from small to large can benefit from the resources and best practices provided in the main document and additional two technical volumes. HICP aims to provide organizations with recommendations and best practices to prepare and fight against cybersecurity threats that can impact patient safety.

Learn more about the 5 threats and 10 mitigations