HHS Cyber Initiative: Cybersecurity Training For Your Healthcare Business

The healthcare industry is a prime target for cyberattacks due to the sensitive nature of patient data. In response, the US Department of Health and Human Services (HHS) recently announced a new cyber initiative with specific cybersecurity goals for healthcare companies, including doctors, billing companies, and medical SaaS providers. Let's unpack the key aspects of this initiative and its implications for your business.

Building a Culture of Cybersecurity

The initiative emphasizes the importance of Basic Cybersecurity Training, aiming for:

  • Informed and Trained Users: All employees should understand basic cyber hygiene practices, such as phishing identification and password security.
  • Empowered Privileged Users: Individuals with access to sensitive data must be aware of their heightened responsibility and receive specialized training.
  • Engaged Third Parties: Suppliers, customers, and partners should also be equipped with knowledge to protect their part of the healthcare ecosystem.

HICP Practices for Defense

The initiative recommends two specific HICP (Health Industry Cybersecurity Practices) to achieve these goals:

  • Email Protection Systems: Implement robust email filtering and security solutions to block phishing attacks and malware.
  • Cybersecurity Oversight and Governance: Establish clear roles, responsibilities, and communication channels within your organization regarding cybersecurity.

Threats Addressed

By focusing on these practices and goals, the initiative aims to mitigate the following cyber threats:

  • Ransomware: Encrypting sensitive data and demanding payment for its release.
  • Social Engineering: Tricking users into revealing confidential information or taking malicious actions.
  • Insider Threat: Employee or contractor misuse of access for personal gain or harm.
  • Attacks on Network-Connected Devices: Exploiting vulnerabilities in medical devices and other connected equipment.

Impact on Your Healthcare Business

This initiative signifies a growing emphasis on cybersecurity within the healthcare industry. As a business owner, you should:

  • Assess your current cybersecurity posture: Evaluate your existing training programs, email security systems, and overall governance framework.
  • Develop a plan to implement the HICP practices: Consider how to best integrate email protection and oversight initiatives into your operations.
  • Train your employees and third parties: Invest in training programs to equip your workforce and partners with the knowledge and skills to defend against cyber threats.
  • Stay informed about evolving threats and regulations: Keep up to date with the latest cyber threats and regulatory changes in the healthcare industry.

The HHS cyber initiative presents an opportunity for healthcare businesses to strengthen their cybersecurity posture and protect sensitive patient data. By taking proactive measures and aligning with the recommended practices, you can safeguard your business and contribute to a more secure healthcare ecosystem. Remember, cybersecurity is not just an IT issue - it's a business imperative.


Navigating the complexities of HHS cyber initiatives can be overwhelming. Vector Choice is your trusted partner, offering comprehensive support and expertise. We equip your entire workforce with best-in-class cybersecurity training, empowering them to safeguard your business and patient data. Let's navigate this together. Contact us today!