Health Industry Cybersecurity 

Announcing the publication of “Health Industry Cybersecurity – Managing Legacy Technology Security (HIC-MaLTS)” – a comprehensive guide to managing the cyber risk caused by legacy technologies used in healthcare environments. The 115-page toolkit recommends cybersecurity strategies organized in modular, actionable components that both manufacturers and health providers can implement for legacy medical technology as a shared responsibility in the clinical environment, and it provides insights for designing future devices that are more secure.

Link to the guide on Health Sector Coordinating Council (HSCC) website:


Concurrently, the White House today released its “National Cybersecurity Strategy”, which envisions an increased emphasis on protecting the nation’s critical infrastructures from cyber threats and incidents. The HIC-MaLTS addresses that emphasis for healthcare through rigorously negotiated recommendations for cybersecurity management and accountability between health delivery organizations and medical technology companies involving legacy medical systems in the clinical environment. This will support our critical healthcare infrastructure and patient safety.


Who should use it?

The HIC-MaLTS details best practices and recommendations for medical device manufacturers (MDMs), healthcare delivery organizations (HDOs), and other technology providers whose products are used in healthcare environments.





What does it cover?

HIC-MaLTS covers, among other things:

  • The “Core Pillars” of a comprehensive legacy technology cyber risk management program:
    • Governance: How should healthcare stakeholders govern to ensure effective legacy technology cyber risk management?
    • Communications: Internally, to their customers, regulators, and the public—how should organizations communicate to manage legacy technology risk?
    • Cyber Risk Management: For current and future legacy technologies, how should organizations manage cyber risk to limit current risk and avoid or minimize future risk?
    • Future Proofing: How should MDMs and other technology providers design, deploy, and maintain their technologies to avoid or lessen legacy technology risks?


HSCC Publications

All 17 of the HSCC Cybersecurity Working Group publications of leading practices and recommendations are available as a free public service at  Additional forthcoming publications over the next quarter include:

  • Joint Publication with HHS on health sector implementation of the NIST Cybersecurity Framework
  • Medical Device Joint Security Plan v2, updating product security strategies for designing and building security into medical technology
  • Healthcare Enterprise Incident Response Plan
  • “Cybersecurity for the Clinician” video training series for practicing clinicians and students in the medical profession.