The Cybersecurity and Infrastructure Security Agency Dec. 15 released an advisory on ways health care organizations can enhance their cybersecurity protection. CISA recommends that organizations use longer and more complex passwords; ensure that only ports, protocols and services with validated business needs are running on each system; train users against password reuse; discontinue reuse or sharing of administrative credentials among systems; and implement a security awareness program that focuses on methods commonly used in intrusions that can be blocked through individual action, among other solutions. 

“This report of findings from a network penetration test of a health care organization conducted by CISA provides useful guidance which may be applicable to other health care organizations,” said John Riggi, AHA national advisor for cybersecurity and risk. “In particular, the recommendations outlined in Table 6 of the document may help organizations identify and mitigate key sources of cyber risk. CISA has become very pro-active in helping organizations share best practices in mitigating cyber risk and conducts free risk and vulnerability assessments.” 
 
For more information on cyber and risk issues contact Riggi at jriggi@aha.org. For the latest cyber and risk information and resources visit www.aha.org/cybersecurity.

Related News Articles

Headline
Fernando Martinez, Ph.D., chief digital officer at the Texas Hospital Association, shares how Texas and the THA are building regional resilience through cyber…
Headline
The federal government shut down Oct. 1 following a failed Senate vote on the House-passed continuing resolution to fund the government by midnight Sept. 30.…
Headline
Microsoft Sept. 16 announced it had disrupted a growing phishing service that had targeted at least 20 U.S. health care organizations. The company said it used…
Headline
The FBI Sept. 12 released an alert warning of malicious activities by cybercriminal groups UNC6040 and UNC6395, which the agency said are responsible for an…
Headline
The Cybersecurity and Infrastructure Security Agency, National Security Agency and international agencies Sept. 3 released joint guidance outlining a “software…
Headline
Chinese state-sponsored cyber actors are maliciously targeting networks globally, including telecommunications, government and others, according to a joint…