CISA & HHS Release Healthcare Cybersecurity Toolkit
The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) have collaborated and produced a cybersecurity toolkit for the U.S. healthcare and public health (HPH) sector.
The toolkit consolidates key resources such as CISA’s Cyber Hygiene Services, the HHS Health Industry Cybersecurity Practices, and the HHS and Health Sector Coordinating Council’s (HSCC) HPH Sector Cybersecurity Framework Implementation Guide. The toolkit includes resources, tools, training material, and information for HPH sector organizations at every level, from fundamental cybersecurity hygiene best practices to advanced and complex cybersecurity tools for strengthening security posture and keeping up to date on current and emerging threats.
The toolkit was released ahead of a roundtable discussion co-hosted by CISA and the HHS on the threats faced by the U.S. healthcare sector and to identify ways that the federal government and the healthcare industry can work together to close gaps in resources and cyber capabilities.
Cyberattacks on hospitals and health systems have increased significantly in the past few years, both in number and severity. “These attacks expose vulnerabilities in our healthcare system, degrade patient trust, and ultimately endanger patient safety. The more they happen, and the longer they last, the more expensive and dangerous they become,” said HHS Deputy Secretary, Andrea Palm. “HHS is working closely with CISA and our industry partners to deliver the tools, resources, and guidance needed to help healthcare organizations, especially our under-resourced hospitals and health centers, mount a strong cyber defense and protect patient lives.”
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Healthcare organizations are heavily reliant on digital technologies, which are used to store and transmit healthcare data, carry out medical procedures, and monitor and communicate with patients. These technologies have massively increased the attack surface and exposed healthcare organizations to greater risk. The healthcare industry has to cope with many challenges and there are competing priorities for resources, which can make it hard to invest the necessary resources into cybersecurity.
CISA, the HHS, and the HSCC Cybersecurity Working Group have been working together over the past year to provide healthcare organizations with the necessary tools, resources, training, and information to help them identify and address vulnerabilities and security gaps before they are exploited by malicious actors and harden their defenses.
“Adversaries see healthcare and public health organizations as high value yet relatively easy targets – or what we call target rich, cyber poor. Given that healthcare organizations have a combination of personally identifiable information, financial information, health records, and countless medical devices, they are essentially a one-stop shop for an adversary,” said CISA Deputy Director Nitin Natarajan. “We continue to work diligently with our partners at HHS and in the healthcare sector to secure our health organizations not only in the United States, but across the globe through our collaboration tools.”