CISA, HHS and HSCC release healthcare cybersecurity toolkit
Photo: luis gomes/Pexels
The Cybersecurity and Infrastructure Security Agency and the Department of Health and Human Services released the Cybersecurity Toolkit for Healthcare and Public Health after a discussion on cybersecurity challenges the U.S. healthcare and public health sector system faces and how government and industry can work together to close the gaps in resources and cyber capabilities.
WHY IT MATTERS
Because adversaries see healthcare and public health organizations as high-value, "cyber poor" targets, CISA is working with HHS and the healthcare sector to secure health organizations, explained CISA Deputy Director Nitin Natarajan in Wednesday's announcement, especially our under-resourced hospitals and health centers.
"Given that healthcare organizations have a combination of personally identifiable information, financial information, health records and countless medical devices, they are essentially a one-stop shop for an adversary," he said in a statement.
The new tool kit contains remedies for healthcare organizations of all sizes and addresses cyber hygiene, tools to build strong cybersecurity foundations, and resources to strengthen defenses and stay ahead of constantly evolving threats.
"The toolkit is designed for healthcare and public health organizations at every level of capability," HHS said in a statement Thursday.
The tool kit links to the Healthcare and Public Health Sector Coordinating Council resources for managing risks, improving security, and implementing and executing mature cybersecurity and response measures, such as HSCC's Health Industry Cybersecurity Practice.
HICP serves as the industry's response to the Cybersecurity Act of 2015 Section 405(d)'s requirement.
The new tool kit also connects users to the HPH Sector Cybersecurity Framework Implementation Guide by HHS and CISA's vulnerability scanning services, which evaluate external network presence by executing continuous scans of public, static IPv4s for accessible services and vulnerabilities.
The site also consolidates various cybersecurity alerts applicable to the healthcare sector, information about free cybersecurity services and tools, security training and tools, reporting portals, and more.
THE LARGER TREND
In August, CISA outlined its efforts to address immediate cybersecurity threats and harden systems against attack with greater accountability in its FY 2024-2026 strategic plan.
"We know we cannot achieve lasting security without close, persistent collaboration among government, industry, security researchers, the international community and others," CISA said in a statement when the plan was made public.
Under the National Cyber Incident Response Plan, CISA must also increase the number of participating organizations and the number of cyber defense plans for high-priority risks identified, the agency said.
Greg Garcia, executive director of HSCC Cybersecurity Work Group, has said that improving cyber preparedness is a collective responsibility.
"None of us individually is as smart as all of us collectively," he said in December at a HIMSS Cybersecurity Forum.
ON THE RECORD
"We are also focused on efforts to secure our world by educating the people, companies, and agencies how they can better secure themselves with cybersecurity," Natarajan said in a statement.
"CISA conducted pre-ransomware notifications to over 65 U.S. healthcare organizations to stop ransomware encryption and warn entities of early-stage ransomware activity," he noted.
"We have seen a significant rise in the number and severity of cyber attacks against hospitals and health systems in the last few years," added HHS Deputy Secretary Andrea Palm.
"The more they happen, and the longer they last, the more expensive and dangerous they become," she said.
Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.