HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

CISA Releases Ransomware Readiness Assessment Audit Tool

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched a new tool that can be used by organizations to assess how well they are equipped to defend and recover from a ransomware attack.

The threat from ransomware has gown significantly over the past year. The Verizon Data Breach Investigations Report shows 10% of cyberattacks now involve the use of ransomware, with SonicWall reporting a 62% global increase in ransomware attacks since 2019 and a 158% spike in attacks in North America during the same period. BlackFog predicts loses due to ransomware attacks will increase to $6 trillion in 2021, up from $3 trillion in 2015.

The Ransomware Readiness Assessment (RRA) audit module has been added to CISA’s Cyber Security Evaluation Tool (CSET). CSET is a desktop software tool that guides network defenders through a step-by-step process of assessing their cybersecurity practices for both their information technology (IT) and operational technology (OT) networks. CSET can be used to perform a comprehensive evaluation of an organization’s cybersecurity posture using recognized government and industry standards and recommendations.

The RRA can be used to evaluate cybersecurity defenses specifically relating to ransomware. CISA says the RRA tool has been developed for organizations at all levels of cybersecurity maturity and will allow network defenders to evaluate their defenses against recognized standards and best practice recommendations in a systematic, disciplined, and repeatable manner.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The RRA guides asset owners and operators through a systematic process to evaluate cybersecurity practices against ransomware threats and provides an analysis dashboard with graphs and tables displaying the results of the assessment, both in summarized and detailed form.

The RRA tool is available through CSET, which should first be downloaded and correctly installed. The installation file and instructions on installing CSET and starting the ransomware readiness assessment is available on GitHub on this link.

CISA is urging all organizations to install the CSET tool and conduct a Ransomware Readiness Assessment to evaluate their cybersecurity defenses.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.