In 2016, $6.2 billion was lost by U.S. health care systems because of data breaches, according to a new report by the U.S. Department of Health and Human Services. But the department is aiming to reduce that figure by providing voluntary cybersecurity practices to health care organizations of all sizes.

Dubbed “Health Insurance Cybersecurity Practices: Managing Threats and Protecting Patients,” the four-volume publication is the culmination of a two-year effort by 150 government and private health care and cybersecurity experts. The task force’s work was legislatively mandated by a 2015 federal law that charges the group with analyzing and making recommendations regarding securing and protecting the health care sector against cybersecurity incidents.