The US CISA has published a new set of online resources designed to help IT security leaders in the healthcare sector improve their organization’s security posture.
The Cybersecurity Toolkit for Healthcare and Public Health features a range of information, guidance and practical tooling to help reduce cyber-risk and the “likelihood of successful cyber-incursions” in the sector.
It has been jointly delivered by the CISA, the HHS, and the HSCC Cybersecurity Working Group.
- CISA’s Cyber Hygiene Services, which use vulnerability scanning to help organizations reduce their attack surface
- HHS’s Health Industry Cybersecurity Practices, which outline best practices to become more cyber-resilient
- HHS and the HSCC’s HPH Sector Cybersecurity Framework Implementation Guide, which is designed to help organizations assess and improve their level of cyber-resilience and provides suggestions on how to link cybersecurity with overall information security and risk management activities
Given that healthcare organizations have a combination of personally identifiable information, financial information, health records, and countless medical devices, they are essentially a one-stop shop for an adversary.
The severity and volume of attacks against hospitals and providers had surged in recent years. These assaults expose vulnerabilities in the healthcare system, degrade patient trust, and ultimately endanger patient safety. The more they happen, and the longer they last, the more expensive and dangerous they become.
HHS is working closely with CISA and our industry partners to deliver the tools, resources, and guidance needed to help healthcare organizations, especially our under-resourced hospitals and health centers, mount a strong cyber-defense and protect patient lives.