EGT Brings Innovation to Supports HHS Initiative
Safeguarding Protected Health Information (PHI) is a critical priority within the Department of Health and Human Services (HHS). In 2015, Congress passed Section 405(d) of the Cybersecurity Act of 2015 charging HHS with establishing a consensus-based guidelines, best practices, procedures, and processes to address cyber threats across the healthcare industry. To help HHS meet this mandate, EGT joined the team to guide strategic direction and perform the execution of the 405(d) Program. The campaign culminated in release of the “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP)” publication and accompanying initiatives to drive adoption of the practices throughout the Healthcare and Public Health (HPH) Sector.
Once the HICP publication was complete, EGT contributed to strategic communications and branding efforts to build awareness of the publication and other 405(d) initiatives.
To craft the HICP publication, EGT initiated a 405(d) Task Group comprised of 150 HPH stakeholders and facilitated regular meetings and focus sessions. Effective stakeholder management was critical in identifying priorities, risks, and building agreement on the pressing needs of the industry. EGT documented cyber risk mitigations developed by the Task Group, provided cybersecurity subject matter experts to validate the guidance proposed, and facilitated discussions to resolve conflicting perspectives throughout the drafting process. Once the HICP publication was complete, EGT contributed to strategic communications and branding efforts to build awareness of the publication and other 405(d) initiatives. EGT conducted layered outreach activities including developing and distributing newsletters, guiding webinars, hosting town hall events, and producing social media campaigns.
EGT applied artificial intelligence (AI) and automation tools to increase outreach with the broader HPH community. HHS recognized a need for easy-to-consume, cyber risk management content to reach broader audiences. EGT Labs proposed utilizing a custom conversational chatbot to convey highly technical material into digestible and actionable content. HHS would also benefit from real-time analytics to guide the chatbot learning and target audience priorities.
Utilizing EGT Innovation Lab's AI powered chatbot, a pilot program was deployed in 2019 to allow testing by the 405(d) Task Group. The chatbot answered questions from members of the HPH sector about the Task Group’s mission, directed users to sections of the HICP publication, explained cybersecurity concepts, directed users on how to report cyber incidents, and explained healthcare cybersecurity acronyms. EGT developed a dashboard to monitor the performance and provide analytics and insights on most asked questions. The dashboard showcased usage analytics, questions asked by users, the number of user inquires received by the chatbot, estimates on time saved by users, and the response rate of the chatbot. This information was available for subsequent tuning of the chatbot to improve its performance over time and the efficiency of making important cyber risk mitigation information available to members of the HPH.
EGT’s support of the 405(d) Program at HHS demonstrates the power of effective stakeholder engagement, a factor often overlooked in cybersecurity initiatives, and the application of AI-powered automation, a concept not commonly applied to stakeholder engagement in cybersecurity. The Program continues to play a key role in the safeguarding of PHI in the HPH Sector.