HHS and the healthcare industry issued cybersecurity “best practices” that focus on baseline measures such as protecting emails, limiting system access and developing incident response plans -- based on a pre-testing process intended to assess the effectiveness of the security guidelines.