CISA, HHS Release Cybersecurity Healthcare Toolkit

CISA, HHS Release Cybersecurity Healthcare Toolkit

October 26, 2023 at 12:21PM

The US cybersecurity agency CISA and the Department of Health and Human Services (HHS) have released a cybersecurity toolkit for healthcare and public health organizations. The toolkit provides guidance on cyber hygiene, threat landscape, best practices, and offers risk assessment tools and recommended resources. It also suggests accessing grants and free/low-cost services for organizations with limited resources. The release coincided with a roundtable discussion on cybersecurity challenges in the healthcare sector. Healthcare organizations are considered attractive targets for cyberattacks due to the valuable information they possess.

Meeting Takeaways:
– The US cybersecurity agency CISA and the Department of Health and Human Services (HHS) released a cybersecurity toolkit for healthcare and public health organizations.
– The toolkit aims to help organizations build their cybersecurity foundation and implement advanced tools to improve defense.
– It includes cyber hygiene steps, an overview of the threat landscape, best practices, and a cybersecurity framework implementation guide.
– The toolkit offers risk assessment tools, recommended vulnerability scanning services, and access to the Known Exploited Vulnerabilities (KEV) catalog.
– It also provides resources for strengthening security, preventing ransomware attacks, accessing free cybersecurity services and tools, and implementing incident response plans.
– For organizations with limited resources, the toolkit recommends accessing the State and Local Cybersecurity Grant Program (SLCGP) and free/low-cost services for immediate improvements.
– The toolkit outlines expectations from technology providers in the health sector.
– CISA and HHS co-hosted a roundtable discussion on cybersecurity challenges in the health sector and the importance of collaboration between the government and industry to mitigate risks.
– Healthcare and public health organizations are viewed as attractive yet vulnerable targets, given the valuable data they possess.

Related:
– Healthcare organizations reported significant impact and costs due to cyberattacks last year.
– Vulnerabilities in OpenEMR healthcare software exposed patient data.
– A data breach at HCA Healthcare compromised the personal information of 11 million patients.

Full Article