The Subcommittee on Health of the Committee on Energy and Commerce will held a hearing on Thursday, May 11, 2023 at 10:00 am in 2322 Rayburn House Office Building. The hearing was entitled, “Preparing for and Responding to Future Public Health Security Threats.” Erik Decker, Chairman of the Health Sector Coordinating Council’s Cyber Working Group provided testimony, available to read in its entirety.
Health delivery organizations across the United States have faced dramatic increases in cyber-attacks intended to cause disruption to the care continuum. In response to this growing threat, the HHS 405(d) Program conducted this Landscape Analysis, which identifies the vulnerabilities and threats most frequently resulting in damaging attacks against hospitals and assesses the hospitals’ known capabilities for preventing damaging cyber incidents.
As a component of the four-part health sector cybersecurity initiative including the joint HHS-HSCC Hospital Cyber Resiliency Landscape Analysis, the recently updated publication of the Health Industry Cybersecurity Practices 2023 (HICP 2023), and the Health Industry Cybersecurity Recommendations for Government Policy and Programs this resource recommends to industry and government partners the HICP practices judged by the HSCC Cybersecurity Working Group to be the most relevant, and therefor prioritized, controls against the vulnerabilities identified in the Landscape Analysis that most frequently result in cyber exploitation and incidents.
As ransomware attacks increase against the health sector generally and small critical access and rural health systems specifically, the HSCC Cybersecurity Working Group offers these ideas, as alternatives or supplements to regulation, for government policies, programs, incentives and assistance to facilitate improved cybersecurity awareness and investment in the sector.
This 8-part video training series totaling 47 minutes explains in non-technical language what clinicians and students in the medical profession need to understand about how cyber attacks can affect clinical operations and patient safety, and how to help keep healthcare data, systems and patients safe from cyber threats.
“The State of Supply Chain Risk in Healthcare” research report, where Dr. Larry Ponemon (Ponemon Institute) and Ed Gaudet (Censinet & Supply Chain TG Co-Lead) discussed the research and findings.
Health delivery organizations across the United States have faced dramatic increases in cyber-attacks intended to cause disruption to the care continuum. In response to this growing threat, the HHS 405(d) Program conducted this Landscape Analysis, which identifies the vulnerabilities and threats most frequently resulting in damaging attacks against hospitals and assesses the hospitals’ known capabilities for preventing damaging cyber incidents.
Health Sector Coordinating Council’s Executive Director Greg Garcia, on behalf of the HSCC Cybersecurity Working Group, gave testimony to the Senate Homeland Security and Government Affairs Committee, Thursday March 16th, 10am EDT, on the topic: “In Need of a Checkup: Examining the Cybersecurity Risks to the Healthcare Sector.”
Today, the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group and the U.S. Department of Health and Human Services (HHS) jointly released a guide to help the public and private healthcare sectors align their cybersecurity programs with the NIST Cybersecurity Framework (CSF). The Cybersecurity Framework Implementation Guide provides specific steps that health care organizations can take immediately to manage cyber risks to their information technology systems and reduce the number of cyber incidents affecting the sector. Recent high-profile cyberattacks reinforce the need for health providers and organizations to assess their cyber health and take actions to improve cybersecurity.
A comprehensive guide to address the management of cyber risk caused by legacy technologies used in healthcare environments. It recommends cybersecurity strategies that both manufacturers and health providers can implement for legacy medical technology as a shared responsibility in the clinical environment and provides insights for designing future devices that are more secure. A brief summary is found here and click here for a Quick Reference Guide. Also, HealthCareInfoSecurity Webinar on HSCC Guide for “Managing Legacy Technology Security“.
The HSCC JCWG developed this document in consultation with the SCC and GCC to help Health Care and Public Health sector organizations understand and leverage the NIST Cybersecurity Framework’s Informative References in their implementation of sound cybersecurity and cyber risk management programs, address the five Core Function areas of the NIST Cybersecurity Framework to ensure alignment with national standards, help organizations assess and improve their level of cyber resiliency, and provide suggestions on how to link cybersecurity with their overall information security and privacy risk management activities.
