Cyber Threats and the Health Industry

The Department of Health and Human Services recently released “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” in response to the increase in cyber attacks across the health sector. A press release from HHS states, “The four-volume publication aims to provide voluntary cyber security practices to healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems.”

The Five Threats Explored

The document addresses five relevant and existing threats to the health care industry:

  • E-mail phishing attacks
  • Ransomware attacks
  • Loss or theft of equipment or data
  • Insider, accidental or intentional data loss
  • Attacks against connected medical devices that may affect patient safety

What Else The Document Includes

It also includes statistics and real events that demonstrate the impact of cyber attacks on healthcare companies. Additionally, the document recommends cyber security practices and includes calls to action that healthcare industry employees can take now to help alleviate these threats. There are also two technical volumes written specifically for IT professionals: one geared towards small organizations and one for medium and large organizations.

What The Document Means For You

The guidelines, procedures and processes in the document are voluntary, but when implemented they meet the goal of reducing cyber attacks in the health sector. The guidelines are consistent with the NIST Cybersecurity Framework: Identify, Protect, Detect, Respond and Recover.

NIST SP 800-171 Compliance

Need guidance on NIST SP 800-171 compliance anywhere from Washington D.C. to Southern Maryland? We're experts, specializing in NIST 800-171 compliance.