Cybersecurity vulnerabilities and intrusions pose risks for every hospital and its reputation.  While there are significant benefits for care delivery and organizational efficiency from the expanded use of networked technology, Internet-enabled medical devices and electronic databases for clinical, financial and administrative operations, networked technology and greater connectivity also increase exposure to possible cybersecurity threats that require hospitals to evaluate and manage  new risks. Hospitals can prepare and manage such risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital’s existing governance, risk management and business continuity framework.  Hospitals also will want to ensure that the approach they adopted remains flexible and resilient to address threats that are likely to be constantly evolving and multi-pronged.


 AHA Resources

Comment Letters and Other Policy-Related Documents

Tools to Assist with Gap Analysis

Opportunities for Information Sharing

 Background – Establishing the National Cybersecurity Initiative

Resources for Implementing the President’s Executive Order

Resources Specific for the Healthcare and Public Health Critical Infrastructure Sector

Other Relevant Resources



AHA Members-only Resources

Important Cybersecurity Alerts

Cyber Incident Reporting Quick Reference Guide (2016)

OCR Fact Sheet: Ransomware and HIPAA (July 12, 2016)

Ransomware: What It Is and What To Do About It (Resource from HHS, DHS and DOJ) (June 20, 2016)

New spear phishing scheme targeting payroll and human resource professionals (Mar. 1, 2016)

  See US-CERT Security Tip
ST15-001 for information on tax-themed phishing

OCR Offers Advice to Assist HIPAA-Covered Entities Avoid Ransomware (Feb. 3, 2016)

FDA Guidance for Manufacturers: Cybersecurity for Networked Medical Devices Containing Off-The-Shelf (OTS) Software (July 2015)

Vulnerabilities of Hospira LifeCare PCA3 and PCA5 Infusion Pump Systems: FDA Safety Communication (May 13, 2015)

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)

Health Care-Related Messages

OSSI Cyber Threat Intelligence Program Product for the Healthcare and Public Health Sector (June 2016)

DHS issues alert related to end of support for Windows 2003 Operating System (11/10/14)

HITRUST Cyber Threat Intelligence and Incident Coordination Center Alert:  Bash/Shellshock Vulnerability (9/25/14)

DHS issues guidance on Internet Explorer vulnerability (4/30/14)

FBI Private Industry Notification: Health Care Systems and Medical Devices at Risk for Increased Cyber Intrusions for Financial Gain (4/8/14)

FDA Safety Communication:  Cybersecurity for Medical Devices and Hospital Networks (2013)  

U.S. Department of Homeland Security AlertMedical Devices Hard-Coded Passwords (2013)
Warning that an estimated 300 medical devices from 40 vendors could be vulnerable to hacking and potentially exploited to change critical settings and/or modify device firmware

About AHA


Member Constituency Sections

Key Relationships

News Center

Performance Improvement

Advocacy Issues

Products & Services


Research & Trends


155 N. Wacker Dr.
Chicago, Illinois 60606

800 10th Street, N.W.
Two CityCenter, Suite 400
Washington, DC 20001-4956