CISA, HHS, and HSCC Jointly Release Cybersecurity Toolkit For Healthcare Sector
A leading US cybersecurity agency has published a new set of online resources designed to help IT security leaders in the healthcare sector to improve their organization’s security posture.
The Cybersecurity Toolkit for Healthcare and Public Health features a range of information, guidance and practical tooling to help reduce cyber-risk and the “likelihood of successful cyber-incursions” in the sector.
It has been jointly delivered by the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS) and the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group.
CISA deputy director, Nitin Natarajan, explained that in 2023 to date, CISA has been forced to notify over 65 US healthcare organizations about early-stage ransomware activity on their networks.
“Adversaries see healthcare and public health organizations as high value yet relatively easy targets – or what we call target rich, cyber poor,” he added.
“Given that healthcare organizations have a combination of personally identifiable information, financial information, health records, and countless medical devices, they are essentially a one-stop shop for an adversary.”
HHS deputy secretary, Andrea Palm, explained that the severity and volume of attacks against hospitals and providers had surged in recent years.
“These attacks expose vulnerabilities in our healthcare system, degrade patient trust, and ultimately endanger patient safety. The more they happen, and the longer they last, the more expensive and dangerous they become,” she continued.
“HHS is working closely with CISA and our industry partners to deliver the tools, resources, and guidance needed to help healthcare organizations, especially our under-resourced hospitals and health centers, mount a strong cyber-defense and protect patient lives.”
The toolkit is available here .