Building Cybersecurity Resilience in American Rural Hospitals

Mike Hamilton, Founder and CISO of Critical Insight

To stop ransomware terrorists from locking up our Nation’s hospitals, the Federal Government is pushing patient-focused entities to align with a standard. It means more work for hospitals, but it’s necessary. Hospitals are regulated by HIPAA through the Department of Health and Human Services (HHS), which now requires the use of the NIST Cybersecurity Framework (CSF) as the basis for cyber risk assessment. The Feds issued the new requirement because of the need to standardize critical infrastructure and increase resiliency in all areas, but especially in rural healthcare.   

The problem is clear, of course: Ransomware terrorists know that hospitals, especially small and rural ones, are good attack targets.

  • They cannot afford downtime, as that would lead to bad patient outcomes.
  • Negative publicity matters significantly.
  • They typically have good insurance policies.
  • Whether through insurance or not, they are known to pay ransoms.
  • They are understaffed and under-resourced to fight the attackers. 

But the NIST CSF allows even smaller organizations to build a security program that better protects them. For…
