Homeland Security and HHS Release Interactive Healthcare Cybersecurity Toolkit

Daniel Bush, Kimberly Kannensohn, Allyson Maur
McGuireWoods LLP
Contact
LinkedIn
Facebook
X
Send
Embed

On Oct. 25, 2023, in light of a “significant rise in the number and severity of cyber-attacks against hospitals and health systems in the last few years,” the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Health and Human Services (HHS) collaboratively released a cybersecurity toolkit.

The toolkit is intended to help healthcare and public health organizations design and improve their cybersecurity infrastructure. The toolkit combines existing resources such as CISA’s Cyber Hygiene Services, HHS’ Health Industry Cybersecurity Practices, and the Healthcare and Public Health Sector Cybersecurity Framework Implementation Guide, as well as newer resources to help healthcare organizations of all types and sizes to identify, resolve and prevent vulnerabilities. According to CISA and HHS representatives, healthcare entities are prime targets for cyberattacks because they are high value but easy targets — in other words, “target rich, cyber poor.”

The Cybersecurity Toolkit

The toolkit offers convenient and interactive resources, such as a cyber-incident reporting portal, industry best practices and resources on training and exercises, how to address ransomware events, and additional resources on private and public sector partnership opportunities, advisories and alerts, and access to a public feed for real-time sharing of cyber-threat intelligence. The toolkit focuses on proper cyber hygiene, security risk assessments, incident response and providing access to additional funding and resources, such as information on the State and Local Cybersecurity Grant Program.

Prioritizing Cybersecurity

HHS and CISA are not alone in their emphasis on cybersecurity. The U.S. Food and Drug Administration recently released numerous medical device cybersecurity resources and guidance, including the launch of a digital health technology advisory committee. The Federal Trade Commission has been active in enforcing its Health Breach Notification Rule against entities who are healthcare-adjacent, and has proposed changes to strengthen the Health Breach Notification Rule. (For details and background, see McGuireWoods’ Aug. 3, 2023, alert.) Healthcare and healthcare-adjacent entities now have a wealth of tools to assist with enhancing their cybersecurity.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© McGuireWoods LLP | Attorney Advertising

Written by:

McGuireWoods LLP
McGuireWoods LLP
Contact
more
less

McGuireWoods LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide