Cyber Threats and the Health Industry
The Department of Health and Human Services recently released “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” in response to the increase in cyber attacks across the health sector. A press release from HHS states, “The four-volume publication aims to provide voluntary cyber security practices to healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems.”
The Five Threats Explored
The document addresses five relevant, existing threats to the health care industry:
- E-mail phishing attacks
- Ransomware attacks
- Loss or theft of equipment or data
- Insider, accidental or intentional data loss
- Attacks against connected medical devices that may affect patient safety
What Else The Document Includes
It also includes statistics and real events that demonstrate the impact of cyber attacks on healthcare companies. Additionally, the document recommends cyber security practices and includes calls to action that healthcare industry employees can act on now to help alleviate these threats. There are also two technical volumes written specifically for IT professionals: one geared towards small organizations and one for medium and large organizations.
What The Document Means For You
The guidelines, procedures and processes in the document are voluntary, but when implemented, they meet the goal of reducing cyber attacks in the health sector. The guidelines are consistent with the NIST Cybersecurity Framework: Identify, Protect, Detect, Respond and Recover.