The HHS 405(d) Program (see below) is an industry group supported by the U.S. Department of Health and Human Services (HHS) that is working to improve cybersecurity in the healthcare industry. See examples of its resources and projects here. (We've reported numerous stories on cyber insurance for healthcare organizations and hospitals.)
The HHS program recently issued guidelines on "how to implement cyber insurance." We found the top "implementation tips" interesting as implicit recommendations for what the feds and the industry consider key requirements for cyber liability insurance in the healthcare sector (see details in the image below, provided by the group):
*Ensure the policy includes ransomware coverage
*Determine if the policy includes a "duty to defend," meaning the insurer covers legal support after a breach
*See if the policy offers a breach hotline
*Make sure you know whether the policy requires the use of specific vendors for incident response
"The HHS 405(d) Program is a collaborative effort between the Health Sector Coordinating Council and the federal government to align healthcare industry security practices… The 405(d) Program started as a congressional mandate under the Cybersecurity Act of 2015 (CSA), Section 405(d) to strengthen the cybersecurity posture of the healthcare and public health sector… Today the 405(d) Program provides organizations across the nation with resources and recommended steps to prepare their organization for threats and also offers practices to mitigate cybersecurity threats," reports the website.