From Healthcare Informatics Magazine :
In late December, the Department of Health and Human Services (HHS) released voluntary cybersecurity practices to the healthcare industry with the aim of providing practice guidelines to cost-effectively reduce cybersecurity risks.
…The HICP publication aims to provide cybersecurity practices for this vast, diverse, and open sector to ultimately improve the security and safety of patients. The main document of the publication explores the five most relevant and current threats to the industry. It also recommends 10 cybersecurity practices to help mitigate these threats.
The article tells us what is in the report but fails to link to it. I looked buy could not find it on the HHS site.
However remember that the majority of reported data breaches are stolen hardware. The best thing you can do to protect your self and your patients to keep the server locked up and encrypt your PHI data.