Cybersecurity

Cybersecurity vulnerabilities and intrusions pose risks for every hospital, and its reputation.

While there are significant benefits for care delivery and organizational efficiency from the expanded use of networked technology, Internet-enabled medical devices and electronic databases for clinical, financial and administrative operations, networked technology and greater connectivity also increase exposure to possible cybersecurity threats that require hospitals to evaluate and manage new risks in the context of federal privacy rules and related polices.

Hospitals can prepare and manage such risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital’s existing governance, risk management and business continuity framework.

Hospitals also will want to ensure that the approach they adopted remains flexible and resilient to address threats that are likely to be constantly evolving and multi-pronged.

This web page provides resources for hospital leaders as well as the latest updates from federal officials to help manage cyber threats.

Key Cybersecurity Resources

FBI & CISA PSA: People’s Republic of China (PRC) Targeting of COVID-19 Research Organizations, May 13, 2020

Joint Activity Alert: Top 10 Routinely Exploited Vulnerabilities, May 13, 2020

CISA Insights COVID-19 Disinformation Activity, May 8, 2020

HC3 Cyber Alert TLP White: Quantitative Risk Management for Healthcare Cybersecurity, May 7, 2020

CISA: Guidance for Securing Video Conferencing, May 1, 2020

CISA: Telework Guidance and Resources, May 1, 2020

Health Industry Cybersecurity Information Sharing Best Practices - March 2020

Draft: Data Integrity Identifying and Protecting Assets Against Ransomware and Other Destructive Events - January 2020

The 405(d) Post Vol 3 - January, 2020

The 405(d) Post  Vol 2- November, 2019

Members-Only: Theft of Intellectual Property: Threats to Medical Research and Innovation

Members-Only Cybersecurity Alerts and Resources

Cyber Threat Intelligence

This section contains publicly available Cyber Threat Intelligence reports including FBI and TLP-White reports. For access to restricted distribution reports see members-only cybersecurity resources.   H-ISAC Weekly Reports H-ISAC Report: Hacking Healthcare - TLP White, May 27, ...

Cybersecurity and Risk Advisory Services

At present, John Riggi, senior advisor for cybersecurity and risk, is available to provide: Strategic Cybersecurity and Risk Advisory Services Related To: Cyber threat and risk profile of the organization Information security and risk mitigation strategy development and integration w...

Related Resources

Guides/Reports
Working from Home during COVID-19 Pandemic During the COVID-19 pandemic, many physicians are working from home, using their personal computers and mobile…
Guides/Reports
Public
Mozilla Patches Critical Vulnerabilities in Firefox, Firefox ESR 04/03/2020 04:45 PM EDT Original release date: April 3, 2020 Mozilla has released security…
Special Bulletin
Public
A recent campaign of cyberattacks from a foreign threat actor targeted healthcare organizations and specifically exploited Citrix and Zoho technologies used…
Advisory
Public
The Centers for Medicare & Medicaid Services will prioritize and conduct only certain surveys during the COVID-19 national emergency’s three-week…
Action Alert
Public
Leaders from the Senate, House and Administration continue to negotiate a third spending package related to the novel coronavirus (COVID-19). Senate Majority…
Guides/Reports
Public
A malicious website pretending to be the live map for Coronavirus COVID-19 Global Cases by Johns Hopkins University is circulating on the internet waiting for…