Skip to main content

Author: Beson4 Consulting

Statement about HHS Cyber Performance Goals

The Health Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG) has worked with HHS, CISA and other federal agencies over the past several years to develop leading cybersecurity practices that are provided to all health organizations in the ecosystem. Today’s release of the HPH Cyber Performance Goals (CPGs) is the next iteration of that partnership. The CPGs amplify the recognition among health providers – large, medium and small – that cyber safety is patient safety, and that focused investment and accountability are imperative to inoculate our data, systems and patients against the rising epidemic of cyber-attacks on the sector. This accountability in turn must be supplemented with government and industry assistance to those under-resourced health systems that accept their cybersecurity responsibility for protecting patient safety as a national imperative but are financially and operationally constrained.

Continue reading

Reprint Health Industry Cybersecurity – Securing Telehealth and Telemedicine (HIC-STAT)

HIC-STAT identifies cyber risks and best practices associated with the use of telehealth and telemedicine, and summarizes the policy and regulatory underpinnings for telehealth/telemedicine cyber risk management. It is targeted for senior executives in healthcare and IT, telehealth service and product companies, and regulators.

Continue reading

Reprint Medtech Vulnerability Communications Toolkit (MVCT)

MVCT is a toolkit written to provide specific tools to medical device manufacturers and software developers for creating cybersecurity vulnerability communications related to their products or services. This toolkit focuses on vulnerability communications directed to non-security professionals, including clinicians, patients, users, and other readers not familiar with cybersecurity and connected technologies. It is intended to help medical device manufacturers formulate and communicate vulnerability disclosures that all affected audiences, including nontechnical stakeholders, can understand.

Continue reading