Ransomware. Cyber-vulnerable medical devices. E-mail phishing attacks. Insider threats. Theft of equipment and data. These five topics are a perpetual nuisance to any healthcare IT cybersecurity professional. Not surprisingly, these troublesome topics are the focus of the Health Industry Cybersecurity Practices guidelines derived from Section 405(d) of the Cybersecurity Act of 2015, Aligning Health Care Industry Security Approaches.
Over the past decade, threats to the healthcare industry have increased dramatically along with the sophistication of cyberattacks. As a result, the Healthcare Sector Coordinating Council and the U.S. Department of Health and Human Services collaborated in a Task Group to establish cybersecurity practices that can be used across the healthcare industry.
This collaboration netted guidelines that are actionable, practical and relevant for healthcare IT professionals and health technology management (HTM) professionals responsible for the secure operation of medical devices and patient safety. The guide examines each of the troublesome five topics, uses real-world scenarios to show how the threats impacted the health delivery organization, and provides threat quick tips on what to do in the moment of the incident. Common security techniques recommended by HIPAA [2] and NIS [3], such as asset visibility, asset inventory, controlling access to devices and network segmentation, are woven throughout the guide, providing how-to advice to prepare for or mitigate these troublesome threats.
Want to learn more? We are fortunate to have firsthand perspective on this topic from the Industry Co-Lead for this effort: Erik Decker, Chief Information Security Officer and Chief Privacy Officer of the University of Chicago Medicine. Erik recently spoke with me to discuss how to protect patients by applying recommendations from the Task Group’s Health Industry Cybersecurity Practices. In this webinar, you’ll learn these best practices, which sought input from over 150 health IT professionals, and gain even more insight on how to apply them in your own organization.
Register for the webinar “Top Cybersecurity Practices (HICP) to Mitigate Cyber Threats in Healthcare” to learn more.
[2] Health Insurance Portability and Accountability Act
[3] Network and Information Systems Regulation 2018