The AHA has long been committed to helping hospitals and health systems defend against and deflect cyberattacks, physical vulnerabilities and intrusions. As the cyber and physical security landscape continues to evolve, we are working closely with federal agencies, the hospital field and solution providers to build trusted relationships and channels for the exchange of cyber and physical threat information, as well as resources to support the implementation of risk mitigation practices.
HHS Cybersecurity Performance Goals
HHS created a set of voluntary Cybersecurity Performance Goals (CPG) in cooperation with the Healthcare and Public Health (HPH) sector to encourage the implementation of high-impact cybersecurity practices to help organizations better prepare for and mitigate cyber threats.
These practices are designed to:
- Better protect your hospital or health system from cyberattacks.
- Improve response when events occur.
- Minimize residual risk.
- Mature and heighten your cybersecurity capabilities.
- Ultimately, protect patient health information and safety.
The CPGs are designed to defend against the most common tactics used by cyber adversaries to attack health care and related third parties, such as exploitation of known technical vulnerabilities, phishing emails and stolen credentials. The AHA recommends that these CPGs be voluntarily implemented by all components of the health care sector, including third-party technology partners and business associates.
Learn more about the CPGs on the HHS Cybersecurity Performance Goals webpage.
How Can AHA Help?
The nation’s hospitals and health systems are facing many challenges in their efforts to provide quality patient care and maintain business operations. Cyberattacks and physical threats are two of these critical challenges that are at the forefront for health care leaders.
Your organization can better prepare for and manage these challenges by making cybersecurity and physical security part of your existing governance, risk management and business continuity framework.
To help its members address these rising threats, the AHA has established a Preferred Cybersecurity & Risk Provider Program. The goal: to identify trusted providers with vetted services that can help hospitals and health systems protect their patients and operations from cyberattacks and physical threats.
Cybersecurity and Risk Resources from AHA Partners

Providing free cybersecurity assessments, including insights and recommendations on improving your hospital's cybersecurity awareness and defenses. The offer includes cybersecurity awareness and risk mitigation training for frontline and IT staff, affordable access to an advanced enterprise security product suite, and Windows 10 Extended Security Update free for one year. For independent CAHs and REHs, Microsoft will provide standard nonprofit discounts.

Complimentary CPG Compliance Starter Kit for all AHA members, which includes a tool to assess compliance, benchmark performance, implement assessments and action plans, monitor risk and report compliance.
Learn more about the AHA Preferred Cybersecurity & Risk Provider Program.
Stay up to date on the latest cybersecurity and risk news, resources and alerts.
AHA Cybersecurity & Risk News
For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:
John Riggi
National Advisor for Cybersecurity and Risk, AHA
(E) jriggi@aha.org
(O) 202-626-2272
Scott Gee
Deputy National Advisor for Cybersecurity and Risk, AHA
(E) sgee@aha.org
(O) 202-626-2305