CISA, HHS publish collaborative cybersecurity healthcare toolkit

In response to the increasing cybersecurity threats faced by the healthcare and public health (HPH) sector, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Department of Health and Human Services (HHS) are leading the charge in fighting against cyber attacks. They are introducing a specialized cybersecurity healthcare toolkit that includes resources devised for the sector. 

The toolkit comes as the two agencies co-hosted a roundtable discussion on the cybersecurity challenges that the HPH sector faces, and how government and industry can work together to close the gaps in resources and cyber capabilities.

Over the past year, CISA, HHS and the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group have been working together to deliver tools, resources, training, and information that can help organizations within this sector. CISA brings technical expertise as the nation’s cyber defense agency, HHS offers extensive expertise in healthcare and public health, and the HSCC Cybersecurity Working Group offers the practical expertise of industry experts working on cybersecurity issues in HPH every day.

The cybersecurity healthcare toolkit can be navigated online and consolidates various resources. These include CISA’s Cyber Hygiene Services, which use vulnerability scanning to help secure against known vulnerabilities, reduce the risk of cyberattacks and encourage the adoption of best practices; HHS’s Health Industry Cybersecurity Practices, which was developed with industry and outlines effective cybersecurity practices healthcare organizations of all sizes can adopt to become more cyber resilient; and HHS and the HSCC’s HPH Sector Cybersecurity Framework Implementation Guide, which helps organizations assess and improve their level of cyber resiliency and provides suggestions on how to link cybersecurity with their overall information security and privacy risk management activities.

The healthcare toolkit consolidates key resources for HPH organizations at every level. Starting with the fundamental cyber hygiene steps that every organization and individual should take, the toolkit can help organizations within the HPH sector build their cybersecurity foundation and progress to implement more advanced, complex tools to strengthen their defenses and stay ahead of current threats. 

As cybersecurity is one of many areas where the HPH sector is facing persistent challenges, CISA and HHS are providing the toolkit filled with remedies to give sector stakeholders a greater ability to proactively assess vulnerabilities and implement solutions.

“Adversaries see healthcare and public health organizations as high value yet relatively easy targets – or what we call target rich, cyber poor.  Given that healthcare organizations have a combination of personally identifiable information, financial information, health records, and countless medical devices, they are essentially a one-stop shop for an adversary,” Nitin Natarajan, CISA deputy director, said in a media statement. “For example, just in 2023, CISA conducted pre-ransomware notifications to over 65 U.S. healthcare organizations to stop ransomware encryption and warn entities of early-stage ransomware activity.”

“We have seen a significant rise in the number and severity of cyber attacks against hospitals and health systems in the last few years. These attacks expose vulnerabilities in our healthcare system, degrade patient trust, and ultimately endanger patient safety. The more they happen, and the longer they last, the more expensive and dangerous they become,” according to Andrea Palm, HHS deputy secretary. “HHS is working closely with CISA and our industry partners to deliver the tools, resources, and guidance needed to help healthcare organizations, especially our under-resourced hospitals and health centers, mount a strong cyber defense and protect patient lives.”

As healthcare organizations increasingly rely on digital technologies to store patient and medical information, carry out medical procedures, and communicate with patients, they are exposed to greater risk. However, hospitals, health centers, and clinics, especially those that are under-resourced, are coping with a host of challenges that make it harder to invest the necessary resources in cybersecurity.

Through various initiatives and on-the-ground outreach, CISA and HHS are providing tools, information, and resources to help this vitally important component of the nation’s critical infrastructure reduce their cyber risk and reduce the likelihood of successful cyber incursions. 

Earlier this week, CISA announced the next steps for ongoing engagement with industry and government to update the National Cyber Incident Response Plan (NCIRP). The NCIRP 2024 will address changes by incorporating lessons learned and feedback from stakeholders since the 2016 release, ensuring that the updated NCIRP is fully inclusive across non-federal stakeholders, and establishing a foundation for continued improvement of the nation’s response to significant cyber incidents.
