CISA and HHS Cybersecurity Healthcare Toolkit for HPH Sectors
CISA and HHS joined forces to discuss the cybersecurity challenges faced by the U.S. healthcare and public health (HPH) sector. This discussion aims to address these challenges and explore how government and industry can collaborate to strengthen the sector’s cybersecurity defenses. In conjunction with this event, CISA and HHS have released a valuable cybersecurity healthcare toolkit tailored to the healthcare and public health sectors.
Why is this important?
Cyber attackers view healthcare and public health organizations as enticing targets because they hold a wealth of valuable information. These organizations typically store personally identifiable information, financial data, health records, and various medical devices, making them an all-in-one treasure trove for potential adversaries. To put it into perspective, in 2023, CISA provided pre-ransomware notifications to more than 65 U.S. healthcare organizations to thwart ransomware attacks and alert them to early-stage ransomware activity.
Nitin Natarajan, Deputy Director of CISA, highlighted their unwavering commitment to collaborating with HHS and the healthcare sector to bolster the security not only of U.S. health organizations but also those around the world. Their mission extends to educating individuals, businesses, and agencies on enhancing their cybersecurity practices – ultimately, they aim to “Secure Our World.”
Andrea Palm, Deputy Secretary of HHS, stressed the alarming increase in cyberattacks against hospitals and health systems. These attacks expose vulnerabilities within the healthcare system, erode patient trust, and, most critically, jeopardize patient safety. The longer these attacks persist, the more costly and dangerous they become. HHS is working closely with CISA and industry partners to provide healthcare organizations, especially those with limited resources, the tools, resources, and guidance they need to fortify their cyber defenses and protect patient lives.
Cybersecurity Toolkit for Healthcare and Public Health
In recent times, healthcare organizations have become increasingly reliant on digital technologies to store patient information, conduct medical procedures, and engage with patients. However, these organizations, particularly those facing resource constraints, grapple with various challenges that hinder their ability to invest adequately in cybersecurity.
Over the past year, CISA, HHS, and the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group have collaborated to offer tools, resources, training, and information to support the healthcare and public health sector. CISA brings its technical expertise as the nation’s cybersecurity defense agency, HHS contributes extensive healthcare and public health knowledge, and the HSCC Cybersecurity Working Group provides practical insights from industry experts dealing with cybersecurity challenges in HPH every day.
A pivotal component of this collaborative effort is the new Cybersecurity Toolkit for Healthcare and Public Health. This toolkit brings together important tools for healthcare organizations. It starts with basic steps that everyone should do to stay safe online. It helps healthcare groups build a strong foundation for cybersecurity.
For detailed information, visit www.CISA.gov/healthcare.
Also, discover how organizations can maintain security and compliance in the healthcare sector.