Top Six Actions to Manage Hospital Cybersecurity Risks

1. Establish procedures and a core cybersecurity team to identify and mitigate risks, including board involvement as appropriate.

2. Develop a cybersecurity investigation and incident response plan that is mindful of the Cybersecurity Framework being drafted by the National Institute of Standards and Technology.

3. Investigate the medical devices used by the hospital in accordance with the June 2013 Food and Drug Administration guidance to ensure that the devices include intrusion detection and prevention assistance and are not currently infected with malware.

4. Review, test, evaluate and modify, as appropriate, the hospital’s incident response plans and data breach plans to ensure that the plans remain as current as possible in the changing cyber threat environment.

5. Consider engaging in regional or national information-sharing organizations to learn more about the cybersecurity risks faced by hospitals.

6. Review the hospital’s insurance coverage to determine whether the current coverage is adequate and appropriate given cybersecurity risks.

aha-cyber-top6.pdf

Related Resources

Resources
A recent wave of cyber “ransomware” attacks has impacted healthcare and governmental organizations throughout the country.
Member
Daily cybersecurity intelligence reports distributed from the National Health - ISAC for AHA members
Other Resources
According to information derived from an FBI investigation, a group of malicious cyber actors working for the Iran-based Mabna Institute (Mabna) ha
Resources
Member
Press Releases
The American Hospital Association (AHA) today announced that John Riggi has joined the association as Senior Advisor for Cybersecurity and Risk.
Member
NH-ISAC Daily Security Intelligence ReportsDaily cybersecurity intelligence reports distributed from the National Health - ISAC for AHA members