Call for Peer Reviews


Health-ISAC members may be interested in helping to review the update to the Health Industry Cybersecurity Practices (HICP) publication.



In 2017 HHS and Industry convened under the direction of Section 405(d) of the Cybersecurity Act of 2015 to develop guidance for improving cybersecurity practices in the healthcare sector.  A task group of more than 250 volunteers was formed, and in 2018 became a formal task group of the Health Sector Coordinating Council (HSCC) Joint Cybersecurity Working Group. This task group has been co-chaired by Erik Decker, CISO for Intermountain Healthcare, and Julie Chua, Director of Governance Risk and Compliance in the HHS Office of the CIO.   The 405(d) Task Group worked diligently for 18 months to produce the HICP publication.

The 405(d) Task Group continues its charge and has provided a draft version 2 update of HICP. As we did in the first release, we would like this draft version to be peer reviewed across industry and across the country. This is where you come in. HHS is looking to form several ‘virtual focus groups’ to review the latest HICP draft and provide critical feedback. They are looking to break these focus groups into two sections: clinical and administrative staff, and IT and cyber staff.

Today’s ask

The recruitment flyer below contains details on how members can participate. Focus groups will be organized between September 20 and October 1.

HICP Peer Review Flyer
Translate »