On April 17, 2023, the US Department of Health and Human Services (HHS) released three cybersecurity tools specifically for the healthcare and public health (HPH) sector, aiming to raise awareness of cybersecurity risks, provide best practices, and help set standards in mitigating the most pressing cybersecurity threats to the sector.
The first tool, Health Industry Cybersecurity Practises (HICP) 2023 Edition, includes HHS-designed cybersecurity practises to aid in the prevention, response, and recovery from cybersecurity threats. The HICP technical volumes categorise these practises into "Sub Practises" for various organisational sizes and provide guidance on a variety of topics, including email protection systems, endpoint protection systems, access management, data protection and loss prevention, asset management, network management, vulnerability management, security operation centres and incident response, network-connected medical devices, and cybersecurity oversight and governance threat.
The second tool provided by HHS is Knowledge on Demand, a new online educational platform that provides training to improve cybersecurity awareness within health and public health organizations. This tool includes five training modules on social engineering, ransomware, loss or theft of equipment or data, accidental, intentional or malicious data loss, and attacks against network-connected devices.
The third tool, Hospital Cyber Resiliency Initiative Landscape Analysis, is a document that analyses domestic hospitals' present status of cybersecurity preparedness. It contains an assessment of the study's hospitals, which are compared to conventional cybersecurity recommendations such as HICP 2023 and the National Institute of Standards and Technology Cybersecurity Framework.
The Landscape Analysis makes ten key observations, including that directly targeted ransomware attacks aimed at disrupting clinical operations are an outsized and growing cyber threat to hospitals, variable adoption of critical security features and processes can expose hospitals to more cyberattacks, supply chain risk is prevalent for hospitals, the use of antiquated hardware, systems, and software by hospitals is concerning, and adopting HICP improves cyber resiliency.
These cybersecurity tools are crucial components of managing risk in the modern healthcare system. Cybersecurity issues create risks throughout healthcare entities and must be managed as a core business risk. At a minimum, they impact patient safety, business continuity, reputations, regulatory compliance, and economics. Health care organizations of any size should review the HICP 2023 resources and incorporate them into their cybersecurity programs.
Furthermore, the board's position in cybersecurity should be reconsidered in light of the US Cybersecurity & Infrastructure Security Agency's 2022 remarks, which emphasise the necessity of board engagement and oversight of cybersecurity risk management. Health care workers, security teams, and other departments on the front lines of preserving patient safety should all get cybersecurity training.
Overall, the healthcare and public health sector is a critical infrastructure that needs to be protected from cybersecurity threats. The HHS's release of these cybersecurity tools is a significant step towards enhancing cybersecurity preparedness in the healthcare industry. Health care organizations should take advantage of these resources and continue to prioritize cybersecurity risk management as a core business risk.
This blog was written by the Activated Solutions team. If you are a business owner or an individual concerned about your cybersecurity, it's time to take action. Activated Solutions can help you to protect your business and personal data from potential cyber threats.
Contact Activated Solutions today to learn more about how they can help you protect your business. With our expertise and commitment to cybersecurity, you can have peace of mind knowing that you are taking proactive steps to protect yourself and your business from potential data breaches.
For more information, please visit: activatedsolutions.ca.
Comments