Cybersecurity
HHS releases cyber guides for healthcare orgs
The Department of Health and Human Services rolled out new guidance to protect organizations in the health care sector from cyberattacks.
The publications are the end result of a requirement in the 2015 Cybersecurity Act to align healthcare security practices and are being marketed by HHS as a starter kit for both IT and non-IT health care professionals to improve baseline cybersecurity. HHS Deputy Secretary Eric Hargan said the guidelines are meant to give “practical, understandable, implementable, industry-led, and consensus-based voluntary cybersecurity guidelines” to “local clinics, regional hospital systems, [and] large health care systems.”
The publication focuses on some of the most common attack vectors used to compromise health care organizations (email phishing, ransomware, data breaches, insider threats and targeted attacks against connected medical devices) and provides basic best practice advice on how to identify and mitigate each threat.
