Eli Richman reports:
Email phishing attacks, ransomware attacks and attacks against connected medical devices are among the greatest cyberthreats that health systems need to protect against, according to new cybersecurity guidance for health systems from the Department of Health and Human Services.
Released last week, the Health Industry Cybersecurity Practices were released to help the industry identify ways to reduce its risk from cyberthreats. The result of a two-year effort between HHS and private entities, the guidance fulfills a mandate of the Cybersecurity Act of 2015.
Read more on Fierce Healthcare.
The main guidance is embedded below the following links, but also see:
- Technical Volume 1: Cybersecurity Practices for Small Health Care Organizations: Technical Volume 1 discusses the ten Cybersecurity Practices along with Sub-Practices for small health care organizations.
- Technical Volume 2: Cybersecurity Practices for Medium and Large Health Care Organizations: Technical Volume 2 discusses the ten Cybersecurity Practices along with Sub-Practices for medium and large health care organizations.
- Resources and Templates: The Resources and Templates portion includes a variety of cybersecurity resources and templates for end users to reference.
- Cybersecurity Practices Assessments Toolkit (Appendix E-1): This tool helps organizations prioritize their cyber threats and develop their own action plans using the assessment methodology outlined in the Resources and Templates volume. This tool is still under development. To receive an advance copy, please contact us at [email protected].