<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2849132&amp;fmt=gif">
Request Demo
Solution Brief
Menu
Blog
Go to my account
Request Demo
Get Elisity Free

Health Industry Cybersecurity Practices

Elisity Cognitive Trust helps protect against the five cyber threats detailed in the HICP document

The Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP) is a publication by the U.S. Department of Health and Human Services (HHS) for the 405(d) Program. It identifies five cybersecurity threats and recommends ten best practices that can be used to mitigate them. The HICP is based upon widely accepted and used frameworks, standards, methodologies, processes, and procedures vetted by healthcare and security professionals. The recommendations in the HICP are based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

405d-hicp-coverThe five threats that the document details are:

  • E-Mail Phishing Attacks
  • Ransomware Attacks
  • Loss or Theft of Equipment or Data
  • Insider, Accidental, or Intentional Data Loss
  • Attacks Against Connected Medical Devices

Best Practices in Focus by the HHS 405(d) HICP

  • E-Mail Protection Systems
  • Endpoint Protection Systems
  • Access Management
  • Data Protection & Loss Prevention
  • Asset Management
  • Network Management
  • Vulnerability Management
  • Incident Response
  • Medical Device Security
  • Cybersecurity Policies

How Elisity Supports HHS 405(d) HICP Compliance

Under the zero-trust network security paradigm, the definition of a successful cyber attack is not when the network perimeter is breached or an endpoint gets compromised, but when the ultimate goal of the cybercriminal is achieved: to exfiltrate and encrypt confidential data for ransom, steal patient information to sell it on the dark web, to sabotage healthcare delivery operations by wiping data or by attacking medical devices and operational technology. It is naive to believe that all initial breaches can be prevented, but it is wise to believe they can all be detected quickly and contained through identity-based microsegmentation and the enablement of continuous threat detection and response.

To attain their objectives, attackers need to be able to scan the network and move laterally while remaining undetected until they reach all of their targets. Elisity Cognitive Trust identity-based microsegmentation platform gives defenders the visibility and control platform to build least privilege access policies for users, devices and applications, and to deny attackers the springboards to progress their attack.

Elisity's solution accelerates microsegmentation projects without disrupting health delivery operations, without requiring endpoint agents, and without installing additional hardware. It secures endpoints, servers, IoMT, and OT devices in hospitals and clinics in an agentless way, using existing switches as policy enforcement points, and identity and telemetry sources as policy information points, following NIST Zero Trust Architecture and contributing to the goals of the HICP.

Medical Device and User Security Demo

Get in touch with us about your HHS 405(d) HICP compliance-related project and learn how you can accelerate it with Elisity Cognitive Trust.

Contact Us