Cybersecurity In Healthcare
Resources To Prepare For And Mitigate Cyberattacks
Cyberattacks on healthcare entities, including healthcare distributors and manufacturers, are on the rise. More healthcare industry targets reported ransomware attacks in 2023 to the FBI’s Internet Crime Complaint Center than any other of the 16 sectors of critical infrastructure, per the FBI’s 2023 report (see bar chart on page 13 of the report).
Browse HIDA’s curated-for-members list of key federal agencies with cyber expertise and tools developed for the healthcare sector.
ASPR’s CIP leads and coordinates activities of HHS in support of the Healthcare and Public Health (HPH) Sector cybersecurity protection through the Joint Cybersecurity Working Group. Read more about:
Health Industry Publishes Guide for Medical Device and Health IT Security
On March 15, the Healthcare and Public Health Sector Coordinating Council (HSCC) Cybersecurity Working Group published updated recommendations for manufacturing and managing the security of medical devices for clinical practice. Refined over the past year, the "Medical Device and Health IT Joint Security Plan (JSP) 2.0" offers important updates and a major refresh of the original JSP published in 2019. JSP is a total product lifecycle reference guide to developing, deploying and supporting cyber secure technology solutions in the health care environment. The JSP utilizes "secure-by-design" and "secure-by-default" principles throughout the product lifecycle of medical devices and health IT solutions. Learn more on healthsectorcouncil.org.
ACISA has recently released a toolkit for the Healthcare and Public Health (HPH) sector. This toolkit is a collaborative effort between CISA and the Health Sector Coordinating Council Cybersecurity Working Group at HHS.
CISA also maintains a weekly vulnerability summary here.
The National Risk Management Center was established in 2018 to conduct risk analysis for critical infrastructure. The Center works with all levels of the government to understand and reduce risk of cyber and physical infrastructure disruptions. Read more here.
The FBI is the lead agency that investigates cyberattacks. Click here for information on preventive steps to protect against a cyberattack and how to report a cybercrime.
The Healthcare and Public Health (HPH) Sector maintains an HPH Ransomware Resource Library. The library has a variety of resources that can be used to healthcare facilities protected from ransomware attacks.