Cybersecurity

Cybersecurity vulnerabilities and intrusions pose risks for every hospital, and its reputation.

While there are significant benefits for care delivery and organizational efficiency from the expanded use of networked technology, Internet-enabled medical devices and electronic databases for clinical, financial and administrative operations, networked technology and greater connectivity also increase exposure to possible cybersecurity threats that require hospitals to evaluate and manage new risks in the context of federal privacy rules and related polices.

Hospitals can prepare and manage such risks by viewing cybersecurity not as a novel issue but rather by making it part of the hospital’s existing governance, risk management and business continuity framework.

Hospitals also will want to ensure that the approach they adopted remains flexible and resilient to address threats that are likely to be constantly evolving and multi-pronged.

This web page provides resources for hospital leaders as well as the latest updates from federal officials to help manage cyber threats.

Cybersecurity and Risk Advisory Services

At present, John Riggi, senior advisor for cybersecurity and risk, is available to provide: Strategic Cybersecurity and Risk Advisory Services Related To: Cyber threat and risk profile of the organization Information security and risk mitigation strategy development and integratio...

Related Resources

Testimony
Public
AHA testimony before the House Committee on Oversight and Government Reform regarding cybersecurity threats facing hospitals, health systems and the health…
Bibliography/Link Page
June 2018 June 29, 2018
Guides/Reports
At present, John Riggi, senior advisor for cybersecurity and risk, is available to provide:
Bibliography/Link Page
Member
Daily cybersecurity intelligence reports distributed from the National Health - ISAC for AHA members
Letter
May 31, 2018
Letter
Public
AHA responds to the Food and Drug Administration’s Medical Device Safety Action Plan, particularly with regard to advancing medical device cybersecurity.