Top Six Actions to Manage Hospital Cybersecurity Risks

1. Establish procedures and a core cybersecurity team to identify and mitigate risks, including board involvement as appropriate.

2. Develop a cybersecurity investigation and incident response plan that is mindful of the Cybersecurity Framework being drafted by the National Institute of Standards and Technology.

3. Investigate the medical devices used by the hospital in accordance with the June 2013 Food and Drug Administration guidance to ensure that the devices include intrusion detection and prevention assistance and are not currently infected with malware.

4. Review, test, evaluate and modify, as appropriate, the hospital’s incident response plans and data breach plans to ensure that the plans remain as current as possible in the changing cyber threat environment.

5. Consider engaging in regional or national information-sharing organizations to learn more about the cybersecurity risks faced by hospitals.

6. Review the hospital’s insurance coverage to determine whether the current coverage is adequate and appropriate given cybersecurity risks.

Related Resources

Member
Between 7 April and 7 May 2019, three US cities were victims of RobbinHood Ransomware attacks.
Letter/Comment
The AHA today submitted comments to the Senate Health, Education, Labor and Pensions Committee on their bipartisan discussion draft legislation, the Lower…
AHA Center for Health Innovation Market Scan
Concern is growing among the FBI, Congress and some health care leaders about the theft of U.S. medical research intellectual property by foreign governments…
White Papers
Member
By The Center for Health Innovation  
Member
Throughout 2018 and 2019, malicious cyber actors used desktop sharing software to facilitate a range of network intrusion activities, using both authorized and…
Member
The FBI continues to observe U.S. businesses’ reporting significant losses caused by cyber insider threat actors.