A leading US cybersecurity agency has published a new set of online resources designed to help IT security leaders in the healthcare sector to improve their organization’s security posture.
The Cybersecurity Toolkit for Healthcare and Public Health features a range of information, guidance and practical tooling to help reduce cyber-risk and the “likelihood of successful cyber-incursions” in the sector.
It has been jointly delivered by the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS) and the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group.
It includes:
- CISA’s Cyber Hygiene Services, which use vulnerability scanning to help organizations reduce their attack surface
- HHS’s Health Industry Cybersecurity Practices, which outline best practices to become more cyber-resilient
- HHS and the HSCC’s HPH Sector Cybersecurity Framework Implementation Guide, which is designed to help organizations assess and improve their level of cyber-resilience and provides suggestions on how to link cybersecurity with overall information security and risk management activities
Read more on healthcare threats: Healthcare Ransomware Attacks Cost US $78bn
CISA deputy director, Nitin Natarajan, explained that in 2023 to date, CISA has been forced to notify over 65 US healthcare organizations about early-stage ransomware activity on their networks.
“Adversaries see healthcare and public health organizations as high value yet relatively easy targets – or what we call target rich, cyber poor,” he added.
“Given that healthcare organizations have a combination of personally identifiable information, financial information, health records, and countless medical devices, they are essentially a one-stop shop for an adversary.”
HHS deputy secretary, Andrea Palm, explained that the severity and volume of attacks against hospitals and providers had surged in recent years.
“These attacks expose vulnerabilities in our healthcare system, degrade patient trust, and ultimately endanger patient safety. The more they happen, and the longer they last, the more expensive and dangerous they become,” she continued.
“HHS is working closely with CISA and our industry partners to deliver the tools, resources, and guidance needed to help healthcare organizations, especially our under-resourced hospitals and health centers, mount a strong cyber-defense and protect patient lives.”
The toolkit is available here.