GRI

CISA, HHS Release Collaborative Cybersecurity Healthcare Toolkit 

News Cybersecurity English Guidance
Date: 25th Oct, 2023 Source: Cybersecurity and Infrastructure Security Agency Country: USA Original Source

Brief

Here is a summary of the document:

Summary:

On October 25, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) co-hosted a roundtable discussion to address the cybersecurity challenges faced by the U.S. healthcare and public health (HPH) sector. The agencies highlighted the need for collaboration between government and industry to close resource and cyber capability gaps. CISA and HHS released a cybersecurity toolkit, featuring resources tailored for the HPH sector, including CISA's Cyber Hygiene Services, HHS's Health Industry Cybersecurity Practices, and the HPS Sector Cybersecurity Framework Implementation Guide. The toolkit aims to help organizations within the sector reduce their cyber risk and improve their cyber resiliency.

,

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) co-hosted a roundtable discussion on the cybersecurity challenges that the U.S. healthcare and public health (HPH) sector system faces, and how government and industry can work together to close the gaps in resources and cyber capabilities. Ahead of the roundtable, CISA and HHS released a cybersecurity tool kit that includes resources tailored for the healthcare and public health sector.  

“Adversaries see healthcare and public health organizations as high value yet relatively easy targets – or what we call target rich, cyber poor.  Given that healthcare organizations have a combination of personally identifiable information, financial information, health records, and countless medical devices, they are essentially a one-stop shop for an adversary. For example, just in 2023, CISA conducted pre-ransomware notifications to over 65 U.S. healthcare organizations to stop ransomware encryption and warn entities of early-stage ransomware activity,” said CISA Deputy Director Nitin Natarajan. “We continue to work diligently with our partners at HHS and in the healthcare sector to secure our health organizations not only in the United States, but across the globe through our collaboration tools.  We are also focused on efforts to Secure Our World by educating the people, companies, and agencies how they can better secure themselves with cybersecurity.”  

“We have seen a significant rise in the number and severity of cyber attacks against hospitals and health systems in the last few years. These attacks expose vulnerabilities in our healthcare system, degrade patient trust, and ultimately endanger patient safety. The more they happen, and the longer they last, the more expensive and dangerous they become,” said HHS Deputy Secretary Andrea Palm. “HHS is working closely with CISA and our industry partners to deliver the tools, resources, and guidance needed to help healthcare organizations, especially our under-resourced hospitals and health centers, mount a strong cyber defense and protect patient lives.”  

Today, as healthcare organizations increasingly rely on digital technologies to store patient and medical information, carry out medical procedures, and communicate with patients, they are exposed to greater risk.  However, hospitals, health centers, and clinics, especially those that are under-resourced, are coping with a wide range of challenges making it harder to invest the necessary resources into cybersecurity.   

Over the past year, CISA, HHS and Health Sector Coordinating Council (HSCC) Cybersecurity Working Group have been working together to deliver tools, resources, training, and information that can help organizations within this sector. Together, CISA brings technical expertise as the nation’s cyber defense agency, HHS offers extensive expertise in healthcare and public health, and the HSCC Cybersecurity Working Group offers the practical expertise of industry experts working cybersecurity issues in HPH every day.  

A key part of this effort is a new Cybersecurity Toolkit for Healthcare and Public Health that was unveiled at today’s roundtable. This toolkit is easy to navigate online at www.CISA.gov/healthcare and consolidates resources like:  

  • CISA’s Cyber Hygiene Services, which use vulnerability scanning to help secure against known vulnerabilities, reduces the risk of cyberattacks and encourages the adoption of best practices.   
  • HHS’s Health Industry Cybersecurity Practices, which was developed with industry, outlines effective cybersecurity practices healthcare organizations of all sizes can adopt to become more cyber resilient.  
  • HHS and the HSCC’s HPH Sector Cybersecurity Framework Implementation Guide which helps organizations assess and improve their level of cyber resiliency and provide suggestions on how to link cybersecurity with their overall information security and privacy risk management activities.  

Through these and other helpful resources on the webpage, as well as through on-the-ground outreach, CISA and HHS are providing tools, information, and resources to help this vitally important component of the nation’s critical infrastructure reduce their cyber risk and reduce the likelihood of successful cyber incursions.  

Highlights content goes here...

Summary:

On October 25, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) co-hosted a roundtable discussion on the cybersecurity challenges faced by the U.S. healthcare and public health (HPH) sector. The meeting aimed to address the gap in resources and cyber capabilities between government and industry, and featured the release of a cybersecurity toolkit specifically designed for the HPH sector.

According to CISA Deputy Director Nitin Natarajan, healthcare organizations are seen as high-value targets, with a combination of personally identifiable information, financial information, health records, and medical devices making them an attractive target for adversaries. CISA has conducted pre-ransomware notifications to over 65 U.S. healthcare organizations to date, warning them of early-stage ransomware activity.

HHS Deputy Secretary Andrea Palm emphasized the significant rise in cyber attacks against hospitals and health systems in recent years, which not only expose vulnerabilities in the healthcare system but also endanger patient safety. HHS is working closely with CISA and industry partners to provide the necessary tools, resources, and guidance to help healthcare organizations, particularly under-resourced hospitals and health centers, mount a strong cyber defense.

The Roundtable discussed the challenges faced by healthcare organizations, including the need to invest in cybersecurity, which is often hampered by limited resources. To address this, CISA, HHS, and the Health Sector Coordinating Council’s Cybersecurity Working Group have been working together to deliver tools, resources, training, and information to help organizations in the sector. The Roundtable released a new Cybersecurity Toolkit for Healthcare and Public Health, which is available online at www.CISA.gov/healthcare. The toolkit consolidates resources such as CISA’s Cyber Hygiene Services, HHS’s Health Industry Cybersecurity Practices, and HHS/HSCC’s HPH Sector Cybersecurity Framework Implementation Guide.

Through these resources and on-the-ground outreach, CISA and HHS aim to provide healthcare organizations with the tools and information needed to reduce their cyber risk and reduce the likelihood of successful cyber incursions.

Cybersecurity and Infrastructure Security Agency

Quick Insight
RADA.AI
RADA.AI
Hello! I'm RADA.AI - Regulatory Analysis and Decision Assistance. Your Intelligent guide for compliance and decision-making. How can i assist you today?
Suggested
Related Documents
Medical device salesperson reporting procedure guide
Date: 5th Feb, 2025 Source: Ministry of Health and Welfare (MOHW) Country: South Korea
News Healthcare & Pharma Guidance
​The EBA issues an Opinion in response to the European Commission’s proposed amendments to the EBA draft technical standards on conflicts of interests for issuers of asset-referenced tokens
Date: 5th Feb, 2025 Source: European Banking Authority (EBA) Country: European Union
News Financial services Guidance
Low risk waste positions: electrical equipment, including constituent parts and accessories
Date: 5th Feb, 2025 Source: Environment Agency (EA) Country: United Kingdom
News Environment Guidance

Form successfully submitted. One of our GRI rep will contact you shortly

Thanking You!

Click here

Enter your Email

Enter your registered username/email id.

Enter your Email

Enter your email id below to signup.

Enter your Email

Enter your email id below to signup.
Individual Plan
  • Designed for Growing Compliance Teams
$125 / month OR $1250 / year
Features
  • • Coverage for 20 jurisdictions
  • • Monitoring from 500+ regulatory authorities
  • • AI compliance summaries
  • • RaDa.ai : Single-Role
Best for: Researchers, Legal professionals, Academics
Subscribe Now
Enterprise Plan
  • Perfect for Global Enterprises
Contact for Pricing
Features
  • • Custom jurisdictional coverage
  • • Custom monitoring of regulatory authorities
  • • RaDa.ai : Customizable multi-role
  • • Custom reporting and dashboard capabilities
  • • API access for seamless integration
Best for: Law Firms, Corporations, Government Bodies
Contact Sales