The barrage of cyberattacks healthcare organizations face is partly a result of storing lots of valuable, sensitive personal and financial information, but it’s also down to other factors like the critical nature of healthcare services and the high dependence on digital technologies. To help better address cyber risks in the sector, CISA recently collaborated with the Department of Health and Human Services (HHS) to release a cybersecurity healthcare toolkit. This article provides a clear overview of what the CISA Cybersecurity Toolkit for Healthcare contains and why these resources are worth using.
Navigating this toolkit provides links to consolidated resources around three main areas, the first of which addresses basic cyber hygiene. This basic cyber hygiene comes in the form of free vulnerability scanning performed by CISA’s highly trained information security experts.
The service evaluates the security posture of a network’s externally facing infrastructure by scanning static IP addresses to identify potential weaknesses. Companies that sign up get weekly vulnerability reports and ad-hoc alerts. The basic cyber hygiene section also advises organizations to identify searchable online IT assets and reduce their exposure to attack (e.g., by closing unnecessary ports).
CISA’s cybersecurity toolkit for healthcare clearly emphasizes that attack surface management is pivotal in maintaining basic cyber hygiene. By effectively managing the attack surface, healthcare companies reduce the number of vulnerabilities that attackers could potentially exploit.
The importance of managing and monitoring external-facing assets is driven by healthcare organizations expanding their digital footprints. Telemedicine and remote collaboration see healthcare transforming into an increasingly digital, online service that depends on the cloud. Securing apps, endpoints and cloud services accessible via the internet is imperative in maintaining basic cyber hygiene, and CISA’s vulnerability scanning aims to help companies achieve that baseline security.
In a world of increasingly sophisticated threat actors and cyberattack methods, getting the basics right is nice, but it’s not enough to thwart all attacks. That’s why the second part of the toolkit revolves around maturing cyber resilience in healthcare. This increased cyber resilience stems from both knowledge of the top cybersecurity threats in the health industry and applying the recommended best practices set out by HHS.
A 47-page document collates all the info for this part of the toolkit, highlighting five specific top threats and best practices for mitigating each threat.
While social engineering encompasses a broad range of possible tactics, some general best practices for fending off many of these attacks include:
For ransomware attacks, HHS’ recommended best practices include:
The suggested advice for mitigating this threat includes:
While this threat might seem to overlap with the previous point, this one is less about equipment loss and more about people. The threat refers to employees, contractors or other users, sometimes known as insiders. These individuals may use their access to infrastructure, networks or databases to accidentally or maliciously cause data leaks and losses. The example alluded to by HHS is an employee printing off copies of sensitive patient data and selling this info on the dark web.
Some best practices worth adopting here are:
Last but not least, the toolkit addresses the growing threats posed by connected medical devices that use networking protocols like TCP/IP or Bluetooth to transmit or exchange data. This includes patient monitoring devices, smart infusion pumps, wearable glucose monitors and even radiology equipment.
With forecasted annual growth of 8.5% each year from 2023 to 2032, medical devices will continue to proliferate throughout healthcare IT environments. While these devices undoubtedly offer advancements in diagnostics and patient care, considerable cybersecurity risks emerge with their increased use. In fact, one statistic cited in the document is that 53 percent of connected medical devices or other IoT devices in healthcare have at least one critical security vulnerability.
When it comes to dealing with these threats, the offered advice includes practices like:
The toolkit’s third part is a document offering healthcare-specific advice on adopting a comprehensive framework like NIST Cybersecurity’s Framework. A cybersecurity framework can bring cybersecurity into closer alignment with overall strategic business objectives by facilitating easier communication about how cybersecurity investments lead to meaningful risk reduction.
Frameworks achieve this by going beyond technical details of threats, vulnerabilities and controls to a common language, structure and methodology for managing cyber risks. Far more details are included in the implementation guide.
Improve Healthcare Cyber Security with Nuspire
The publication of CISA’s cybersecurity toolkit for healthcare is an essential step in helping healthcare organizations become aware of cyber threats and reduce their risks via a slew of different resources. Nuspire also offers managed services for strengthening healthcare cybersecurity.
We go beyond mere HIPPA compliance to help you with managed detection and response 24×7 endpoint visibility, micro-segmentation strategies and security evaluations of new devices.