Fortified Health Security is healthcare’s recognized leader in cybersecurity – protecting patient data and reducing risk throughout the Fortified healthcare ecosystem.

405(d) for Healthcare

What You Need to Know Series


Special Briefing - 405(d) for Healthcare in 2022 and Beyond 

At a Fortified Ecosystem Roundtable attended by over 40 healthcare organizations, a live polling question showed a strong interest from the audience in learning more about 405(d). As a result, fortified held a special briefing on 405(d) with guest speaker Erik Decker, Co-Chair of the 405(d) HHS Task Group, on Thursday, June 23rd, 2022.

405(d) is not just another generic framework or regulation. It can be a powerful resource and tool for your healthcare organization. This special briefing on 405(d) will serve as an excellent start to your journey or help you accelerate your efforts by putting you in direct contact with senior leaders assisting others like you.

Watch our speakers as they share their experiences helping healthcare organizations research, evaluate, implement, measure, and maintain cybersecurity programs specifically, how 405(d) can be utilized by healthcare organizations and the program's future.

Learning Objectives:

  • Healthcare Focused Update on Frameworks, Regulations, and Best Practices
  • What is 405(d) from Guest Speaker, Erik Decker
  • Why 405(d) Makes Sense for Healthcare
  • Integration of 405 (d) into Healthcare Security Programs
  • The Future of 405(d) and Healthcare Cybersecurity

*This briefing included live Q&A for those in attendance and is not available on-demand; please attend live events for Q&A.

Request More Information




Erik Decker
Assistant Vice President – Chief Information Security Officer
Intermountain Healthcare
Erik Decker is the Assistant Vice President – Chief Information Security Officer at Intermountain Healthcare. Previously Erik was the Chief Security and Privacy Officer for the University of Chicago Medicine, where he was responsible for its Cybersecurity, Identity and Access Management and Privacy Program. Erik has over 25 years of experience within Information Technology, primarily focused on Information Security. The majority of his career has been focused on Academic Medical Centers, where he established two information security programs and an identity and access management program.

He is currently Co-Leading a Department of Health and Human Services (HHS) task group of more than 250 industry and government experts across the country for implementing the Cybersecurity Act of 2015, 405D legislation within the Healthcare sector. The publication was released in December 2018, titled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” aka HICP, which establishes a national healthcare cybersecurity standard for small, medium and large sized healthcare organizations. Additionally, he led the development of the Health Industry Cybersecurity Tactical Crisis Response guide (HIC-TCR) under the same working group. He is also a member of the Executive Council of the Healthcare Sector Coordinating Council’s Joint Cybersecurity Work, which is a public-private workgroup formed under the National Infrastructure Protection Plan.
Russell Teague
VP, Advisory Services Assessment Services
Fortified Health Security 
Senior business leader with 25+ years of progressive experience in Information Security and the cybersecurity industry covering Healthcare, Pharma, Life Science, Financial, Retail, Technology, Manufacturing, Oil & Gas, and Utilities sectors. Mr. Teague has held roles as Chief Security Officer (CSO), Chief Technology Officer (CTO),  successful entrepreneur, and executive business leader in Cybersecurity.
Mr. Teague excels in complex business management environments with aggressive growth targets. Expertise in Advisory Services, Managed Services, Advanced Testing Services, Threat Management, Incident Response, Risk Management, and Board Level Advisement.

About Our Speakers

The 405(d) Program and Task Group is a collaborative effort between industry and the federal government, which aims to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the sector.