The U.S. Department of Health and Human Services issued guidance on cybersecurity for healthcare organizations. The guidance, a booklet titled Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients is focused on raising awareness and providing suggestions on mitigating threats to patient information in the healthcare field.
The goal of the guidance is to increase awareness, provide practices, and move towards consistency within the health care sector in mitigating the most impactful cybersecurity threats. The document address five threats:
- E-mail phishing attacks
- Ransomware attacks
- Loss or theft of equipment or data
- Insider, accidental or intentional data loss
- Attacks against connected medical devices that may affect patient safety
The following ten practices are suggested to mitigate threats:
- E-mail protection systems
- Endpoint protection systems
- Access management
- Data protection and loss prevention
- Asset management
- Network management
- Vulnerability management
- Incident response
- Medical device security
- Cybersecurity policies
A copy of the guidance may be accessed by clicking here.
