New Resources Help Healthcare Workers, Hospitals Become More Cyber Resilient

The Department of Health and Human Services (HHS) released new cybersecurity resources to help the healthcare and public health sector (HPH) better prepare its cyber defenses.

The new resources come from the HHS cybersecurity task force and mark the first time HHS has offered free cybersecurity trainings to the health sector workforce.

“Cyberattacks are one of the biggest threats facing our health care system today, and the best defense is prevention,” said Deputy Secretary Andrea Palm.

The health sector is a major target for cyber thieves. A JAMA Health Forum Study found that ransomware attacks against healthcare organizations doubled from 2016 to 2021.

Focus on Education

The first resource provided by HHS is the Knowledge on Demand platform, which offers training to make healthcare workers more aware of five cybersecurity issues: social engineering, ransomware, loss or theft of equipment or data, insider accidental or malicious data loss, and attacks against network connected medical devices.

“These trainings will serve as an asset to any sized organization looking to train staff in basic cybersecurity awareness and are offered free of charge, ensuring that those hospitals and health care organizations most vulnerable to attack can take steps toward resilience,” said Deputy Secretary Palm.

The virtual trainings include videos, job aids, and PowerPoint presentations. All can be accessed directly from the 405(d) website, which provides the healthcare and public health sector with resources and tools to raise awareness about cyber threats.

Health Industry Cybersecurity Practices 2023 Edition

Also on the Knowledge on Demand platform is the updated 2023 edition of Health Industry Cybersecurity Practices (HICP). HICP is a “foundational publication that aims to raise awareness of cybersecurity risks, provide best practices, and help the HPH Sector set standards in mitigating the most pertinent cybersecurity threats to the sector.”

The edition includes the most relevant and updated threats the health sector faces, including a discussion of social engineering attacks, which have emerged as a top threat. Social engineering attacks are an attempt to trick someone into revealing information or taking an action like clicking a link, that can then be used to attack systems or networks.

“Staying current and responsive to evolving cyber threats is critical to protecting patient safety,” said Erik Decker, Chief Information Security Officer of Intermountain Health and Chair of the Health Sector Coordinating Council Cybersecurity Working Group.

Hospital Cyber Resiliency Landscape Analysis

The third resource provided is an analysis of how U.S. hospitals are faring in their efforts to protect against cyber threats.

It uses data from a variety of hospitals around the country and from a variety of hospital types and measures their preparedness against standardized guidelines. The data is then analyzed to identify best practices and opportunities to make hospitals more cyber resilient.

“The Hospital Cyber Resiliency Initiative Landscape Analysis greatly furthers our understanding of hospital cyber resiliency and provides us with a platform to begin working through potential policy considerations and minimum standards to better support cybersecurity in U.S. hospitals,” said Deputy Secretary Palm.

HHS urges leaders across the healthcare spectrum to use the new resources to begin assessing their organizations’ cybersecurity programs.