Introduction This volume will help answer the question, “How do I mitigate the five threats that were outlined in the Main document?” The practices outlined in this volume are most appropriate for medium-sized and large organizations. This volume is for the technical practitioner; it contains technical details for implementing cybersecurity practices. It provides an overview of cybersecurity practices that have been outlined by the industry as highly effective at mitigating risks to the health care industry. This volume is an index of existing industry practices, with guidance on how to start your journey implementing these practices. Details and explanations of the cybersecurity practices are included for additional context where needed. Please consider these simple instructions when reading this volume: 1) If you are a medium-sized organization, start with the sub-practices labeled with the heading “Sub-Practices for Medium-Sized Organizations.” Feel free to consider the additional subpractices as well. 2) If you are a large organization, consider implementing all the sub-practices listed in the document, including both those under the heading “Sub-Practices for Medium-Sized Organizations” and those labeled “Sub-Practices for Large Organizations.”
3
