Getting your Trinity Audio player ready...
|
The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) have collaborated to organise for addressing the cybersecurity issues confronting the U.S. healthcare and public health (HPH) sector. The focus was on bridging resource and cyber capability gaps between the government and industry. In preparation, CISA and HHS unveiled a specialised cybersecurity toolkit designed to assist the healthcare and public health sectors.
CISA Deputy Director Nitin Natarajan emphasised the increasing appeal of healthcare and public health organisations, portraying them as high-value yet vulnerable targets – often referred to as “target-rich, cyber-poor” entities. This allure is due to the vast range of sensitive information healthcare organisations possess, including personal data, financial records, medical histories, and a multitude of medical devices.
For context, in 2023 alone, CISA intervened by issuing pre-ransomware notifications to more than 65 U.S. healthcare organisations to thwart ransomware encryption and alert them to early-stage ransomware activities.
Natarajan emphasised their unwavering dedication to partnering with HHS and the healthcare sector to enhance the safety of health organisations, both nationally and worldwide. Their mission, known as “Securing Our World,” encompasses educational endeavours targeting individuals, companies, and government agencies, aiming to strengthen cybersecurity measures.
HHS Deputy Secretary Andrea Palm highlighted the growing number and severity of cyberattacks against healthcare institutions, which jeopardise patient safety and trust. Partnering with CISA and industry experts, HHS strives to empower healthcare organisations, especially under-resourced ones, with vital cybersecurity tools and guidance.
In today’s digital healthcare landscape, where patient and medical data storage, medical procedures, and patient communication heavily rely on digital technologies, the exposure to cyber risks has grown significantly. This situation is compounded by the diverse array of challenges that hospitals, health centres, and clinics face in making more cybersecurity investments.
Throughout the past year, a collaborative effort involving CISA, HHS, and the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group has been underway. This alliance leverages the combined strengths of each partner. CISA, as the nation’s cybersecurity agency, brings its technical expertise, while HHS contributes its wealth of knowledge in healthcare and public health. Additionally, the HSCC Cybersecurity Working Group provides invaluable practical insights from industry experts who grapple with cybersecurity issues in the healthcare and public health sectors daily.
A pivotal component of this ongoing initiative is the introduction of a new Cybersecurity Toolkit for Healthcare and Public Health, officially unveiled during the roundtable event. Accessible online, this toolkit serves as a centralised resource hub, encompassing:
- CISA’s Cyber Hygiene Services employ vulnerability scanning to enhance protection against known vulnerabilities, reduce the risk of cyberattacks, and encourage the adoption of best practices.
- HHS’s Health Industry Cybersecurity Practices, developed in collaboration with the industry, outlines effective cybersecurity measures that healthcare organisations of all sizes can embrace to bolster their cyber resilience.
- HHS and the HSCC’s HPH Sector Cybersecurity Framework Implementation Guide are designed to assist organisations in assessing and enhancing their level of cyber resiliency while offering recommendations on integrating cybersecurity with their broader information security and privacy risk management endeavours.
As the threat landscape evolves, these efforts underscore the commitment of CISA and HHS to bolster the resilience of healthcare and public health organisations in the face of escalating cybersecurity challenges. By furnishing them with the tools, knowledge, and guidance needed to enhance their cyber defences, the two agencies aim to safeguard not only the integrity of their data and systems but, more importantly, the well-being of patients who rely on their services. These comprehensive resources will remain invaluable in the ongoing battle to secure the healthcare sector against the evolving cyber threats it faces.