CISA, HHS and HSCC release healthcare cybersecurity toolkit

The Cybersecurity and Infrastructure Security Agency and the Department of Health and Human Services released the Cybersecurity Toolkit for Healthcare and Public Health following a discussion on the cybersecurity challenges facing the U.S. healthcare and public health system and how government and industry can work together to close the gaps in resources and cyber capabilities.

WHY IT MATTERS

Because adversaries view healthcare and public health organizations as high-value, “cyber-poor” targets, CISA is working with HHS and the healthcare industry to secure healthcare organizations, CISA Deputy Director Nitin Natarajan explained in the announcement Wednesday.

Especially our hospitals and health centers that are under-resourced.

“Given that healthcare organizations hold a combination of personally identifiable information, financial information, medical records and countless medical devices, they are essentially a one-stop shop for an adversary,” he said in a statement.

The new toolbox contains remedies for healthcare organizations of all sizes and covers cyber hygiene, tools to build a strong cybersecurity foundation, and resources to strengthen defenses and stay ahead of ever-evolving threats.

“The toolkit is designed for healthcare and public health organizations at all skill levels,” HHS said in a statement Thursday.

The toolkit is linked to Healthcare and Public Health Sector Coordinating Council resources for managing risk, improving safety and implementing and executing mature cybersecurity and response measures, such as HSCC’s Health Industry Cybersecurity Practice.

HICP serves as an industry response to the requirement of the Cybersecurity Act of 2015, Section 405(d).

The new toolkit also connects users to HHS’s HPH Sector Cybersecurity Framework Implementation Guide and CISA’s vulnerability scanning services, which evaluate external network presence by performing continuous scans of public, static IPv4s for accessible services and vulnerabilities.

The site also consolidates various cybersecurity alerts applicable to the healthcare industry, information on free cybersecurity services and tools, security training and tools, reporting portals, and more.

THE BIG TREND

In August, CISA outlined its efforts to address immediate cybersecurity threats and protect systems from higher-responsibility attacks in its fiscal year 2024-2026 strategic plan.

“We know that we cannot achieve sustainable security without close, sustained collaboration between government, industry, security researchers, the international community and others,” CISA said in a statement when the plan was made public.

Under the National Cyber ​​Incident Response Plan, CISA must also increase the number of participating organizations and the number of cyber defense plans for identified high-priority risks, the agency said.

Greg Garcia, executive director of the HSCC Cybersecurity Work Group, has said that improving cyber preparedness is a collective responsibility.

“None of us individually are as smart as all of us together,” he said at a HIMSS Cybersecurity Forum in December.

ON THE RECORD

“We are also focused on efforts to secure our world by educating people, businesses and agencies on how to better protect themselves with cybersecurity,” Natarajan said in a statement.

“CISA has sent pre-ransomware notifications to more than 65 US healthcare organizations to stop ransomware encryption and alert entities to early-stage ransomware activity,” he noted.

“We have seen a significant increase in the number and severity of cyberattacks on hospitals and healthcare systems in recent years,” said HHS Assistant Secretary Andrea Palm.

“The more often they occur and the longer they last, the more expensive and dangerous they become,” she said.

Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.