Resources To Prepare For And Mitigate Cyberattacks

Cyberattacks on healthcare entities, including healthcare distributors and manufacturers, are on the rise. More healthcare industry targets reported ransomware attacks in 2023 to the FBI’s Internet Crime Complaint Center than any other of the 16 sectors of critical infrastructure, per the FBI’s 2023 report (see bar chart on page 13 of the report).

Browse HIDA’s curated-for-members list of key federal agencies with cyber expertise and tools developed for the healthcare sector.

+ Administration for Strategic Preparedness and Response (ASPR), Critical Infrastructure Protection (CIP) Division

ASPR’s CIP leads and coordinates activities of HHS in support of the Healthcare and Public Health (HPH) Sector cybersecurity protection through the Joint Cybersecurity Working Group. Read more about:

Health Industry Publishes Guide for Medical Device and Health IT Security
On March 15, the Healthcare and Public Health Sector Coordinating Council (HSCC) Cybersecurity Working Group published updated recommendations for manufacturing and managing the security of medical devices for clinical practice. Refined over the past year, the "Medical Device and Health IT Joint Security Plan (JSP) 2.0" offers important updates and a major refresh of the original JSP published in 2019. JSP is a total product lifecycle reference guide to developing, deploying and supporting cyber secure technology solutions in the health care environment. The JSP utilizes "secure-by-design" and "secure-by-default" principles throughout the product lifecycle of medical devices and health IT solutions. Learn more on

+ Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS)

ACISA has recently released a toolkit for the Healthcare and Public Health (HPH) sector. This toolkit is a collaborative effort between CISA and the Health Sector Coordinating Council Cybersecurity Working Group at HHS.

CISA also maintains a weekly vulnerability summary here.

+ National Risk Management Center, CISA, DHS

The National Risk Management Center was established in 2018 to conduct risk analysis for critical infrastructure. The Center works with all levels of the government to understand and reduce risk of cyber and physical infrastructure disruptions. Read more here.

+ Federal Bureau of Investigations (FBI)

The FBI is the lead agency that investigates cyberattacks. Click here for information on preventive steps to protect against a cyberattack and how to report a cybercrime.