Healthcare Industry’s Cybersecurity Best Practices Resource to be Featured at HIMSS19

Cyber Resource Contributor and Zingbox CTO Dr. May Wang Worked With Leaders From HIMSS, CHIME, NIST, Harvard, John Hopkins and Others to Help Create Guiding Principles for Cybersecurity in Healthcare

MOUNTAIN VIEW, Calif.--()--Zingbox, the provider of the most widely deployed Internet of Things (IoT) analytics platform in healthcare and a leader in healthcare IoT research, today announced that the cybersecurity toolkit developed by the industry-led Healthcare and Public Health Sector Coordinating Council (HSCC) in partnership with HHS will be presented to attendees at the HIMSS19 Conference in Orlando, Florida, on February 12, 2019 from 4:15 to 5:15 p.m. ET.

The presentation will include an overview of the cybersecurity resource document, “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients.” The four-volume publication seeks to raise awareness for executives, health care practitioners, providers and health delivery organizations such as hospitals. It is applicable to health organizations of all types and sizes across the industry. Zingbox CTO Dr. May Wang contributed to HICP as a member of the HSCC Task Group established in response to Section 405(d) of the Cybersecurity Act of 2015 (CSA). The HICP document will be presented by Task Group co-chairs Erik Decker, chief information security and privacy officer at University of Chicago Medicine, and Julie Anne Chua, risk management branch chief at the U.S. Department of Health and Human Services.

The HSCC 405(d) Task Group was established to enhance healthcare cybersecurity and align industry approaches by developing a common set of voluntary, consensus-based and industry-led guidelines, practices, methodologies, procedures and processes that healthcare organizations can use to enhance cybersecurity.

“The healthcare industry is truly a varied digital ecosystem,” Decker said. “We heard loud and clear through this process that providers need actionable and practical advice, tailored to their needs, to manage modern cyber threats. That is exactly what this resource delivers — recommendations stratified by the size of the organization, written for both the clinician as well as the IT subject matter expert.”

“It was my honor to work alongside such esteemed healthcare and technology leaders to help identify these practices for cybersecurity in healthcare,” said Dr. Wang. “Healthcare has a growing need to solve the cybersecurity threats that face our nation’s hospitals and healthcare systems. If we can share what Zingbox has learned to benefit the industry, we will all sleep better at night.”

Dr. Wang contributed her real-world expertise in healthcare cybersecurity to the group of more than 100 experts and senior-ranking leaders from the Healthcare Information and Management Systems Society (HIMSS), the College of Healthcare Information Management Executives (CHIME), Harvard Medical School, Johns Hopkins University, CVS Health, Anthem, the American Hospital Association, the National Institute of Standards and Technology (NIST) and the Medical Device Innovation, Safety and Security Consortium (MDISS).

“This task group is doing important work to protect healthcare organizations from cybersecurity threats,” Chua said. “The ‘Medical Device Security’ section of the HICP incorporates hands-on healthcare experience and insight from real-world applications that proved to be invaluable to our team. We can all be proud of the result and the impact it will have on the healthcare industry.”

About the Healthcare and Public Health Sector Coordinating Council. The Healthcare and Public Health Sector Coordinating Council (HSCC) is a coalition of private-sector, critical healthcare infrastructure entities organized under Presidential Policy Directive 21 and the National Infrastructure Protection Plan. Its mission is to partner with government in the identification and mitigation of strategic threats and vulnerabilities facing the sector’s ability to deliver services and assets to the public. The HSCC Joint Cybersecurity Working Group (JCWG) is a standing working group of the HSCC, composed of more than 200 industry and government organizations working together to develop strategies to address emerging and ongoing cybersecurity challenges to the health sector.

In 2017, HHS convened the CSA 405(d) Task Group, leveraging the HSCC. The Task Group convened six times from May 2017 through March 2018 and produced a draft of the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication. The draft was then “pretested” by more than 120 stakeholders within the healthcare industry in order to gauge usability, practicality and scalability. It was published for industry use on December 28, 2018 and can be found at The HICP will be updated regularly to keep the information on threats faced by the healthcare industry current and relevant. This public-private partnership is part of the ongoing effort to strengthen the cybersecurity posture of the Healthcare and Public Health (HPH) Sector.

For more information on the HSCC Cybersecurity Working Group, contact executive director Greg Garcia at

About Zingbox

Zingbox is the provider of the most widely deployed healthcare Internet of Things (IoT) analytics platform. Recently named a "Cool Vendor in IoT Security" by Gartner and recipient of the Gold Stevie Award for Most Innovative Company, Zingbox helps hospitals realize the full potential of their IoT medical devices, delivering a new standard for uninterrupted quality care through device inventory, management, security and optimization for the entire IoT environment. The company’s device-specific AI-powered machine learning platform uses the first real-time deep behavioral learning technology for connected medical devices. For more information, please visit


Laura Ruark


Laura Ruark