Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) unveiled a new Cybersecurity Toolkit, tailored to meet the specific needs and challenges of healthcare and public health organizations.
It was announced on October 25th, 2023 in conjunction with a roundtable discussion focused on the vulnerabilities within the healthcare sector and how to close the gaps in resources and cyber capabilities.
What happened
Before diving into a roundtable discussion about the cybersecurity challenges faced by the healthcare and public health (HPH) sector, CISA and HHS announced the release of a specialized Cybersecurity Toolkit.
Designed to help healthcare organizations improve their cyber defenses, the toolkit was a key topic at the discussion. This release signifies that both agencies are not just talking about problems; they're actively offering solutions to help healthcare entities better protect themselves against cyber threats.
What they're saying
"Adversaries see healthcare and public health organizations as high value yet relatively easy targets – or what we call target rich, cyber poor." said CISA Deputy Director Nitin Natarajan. "Given that healthcare organizations have a combination of personally identifiable information, financial information, health records, and countless medical devices, they are essentially a one-stop shop for an adversary."
HHS Deputy Secretary Andrea Palm said, "We have seen a significant rise in the number and severity of cyber attacks against hospitals and health systems in the last few years. These attacks expose vulnerabilities in our healthcare system, degrade patient trust, and ultimately endanger patient safety."
By the numbers
In just this year, CISA has sent pre-ransomware notifications to over 65 U.S. healthcare organizations, highlighting the immediate and prevalent risks. These alerts point to an urgent cybersecurity situation.
Each notification is a preventive measure and a compelling reason for healthcare entities to prioritize cybersecurity. The high volume of warnings in a single year illustrates the frequency and scale of the threats, and it is evident that cybersecurity needs to be front and center in healthcare management strategies.
The big picture
The healthcare sector faces many cyber threats, and tackling this issue requires a team effort. That's why CISA, HHS, and the Health Sector Coordinating Council's Cybersecurity Working Group are joining forces. CISA offers its technical skills in cyber defense, while HHS brings its deep knowledge of healthcare. Along with practical insights from the HSCC Working Group, they've rolled out toolkits, training, and resources specifically designed to boost cybersecurity within healthcare.
What to watch
The collaboration between CISA, HHS, and the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group is a continuous effort. In the future, healthcare organizations can expect additional resources, updates, and maybe even live training sessions to be rolled out as part of this initiative.
Go deeper
The Cybersecurity Toolkit features resources like CISA's Cyber Hygiene Services, which perform vulnerability scanning to bolster defenses against known cyber threats.
Another component is HHS's Health Industry Cybersecurity Practices, developed with industry input, offering practical strategies for organizations of all sizes to enhance their cyber resilience. Additionally, the HPH Sector Cybersecurity Framework Implementation Guide by HHS and the HSCC helps organizations gauge and improve their cyber resiliency while aligning it with their broader risk management strategies.
Related: HIPAA Compliant Email: The Definitive Guide
Dean Levitt
