A New National Cybersecurity Toolkit

October 27, 2023

The Biden administration this week unveiled another tool to support health care cybersecurity.

On Wednesday, the administration rolled out a new cybersecurity toolkit with resources to help hospitals and other health care organizations scan for vulnerabilities and avert digital threats. The rollout followed a roundtable discussion on the cybersecurity challenges that the U.S. health care and public health sector system face and how the federal government and the industry can collaborate.

“Adversaries see health care and public health organizations as high value yet relatively easy targets—or what we call target rich, cyber poor,” said Nitin Natarajan, Cybersecurity and Infrastructure Security Agency (CISA) deputy director.  “Given that health care organizations have a combination of personally identifiable information, financial information, health records, and countless medical devices, they are essentially a one-stop shop for an adversary.”

Herea are five things to know:

• A concerning trend:  During 2023, CISA conducted pre-ransomware notifications to more than 65 U.S. health care organizations to stop ransomware encryption and warn entities of early-stage ransomware activity.
• Large digital footprint:  Health care has become a digital world, with the rise of new technologies to store patient medical information, carry out medical procedures, and communicate with patients. This creates a greater exposure to risk for digital attacks.
• Resources:  The toolkit brings together federal resources to scan for known vulnerabilities, outline best practices, and assess resiliency.
• First step:  If you believe your organization has been compromised or is a victim of ransomware, it’s important to report it immediately.
• Quotable:  “We have seen a significant rise in the number and severity of cyberattacks against hospitals and health systems in the last few years,” said Andrea Palm, deputy secretary for the U.S. Department of Health and Human Services. “These attacks expose vulnerabilities in our health care system, degrade patient trust, and ultimately endanger patient safety.”

The toolkit is available to review online.

For more information about health care cybersecurity, contact Jason Tomashunas, MS, CHEP, HAP manager, emergency management.

Members of the American Hospital Association (AHA) also are encouraged to avail themselves of the valuable expertise and experience of John Riggi, the AHA’s Senior Advisor for Cybersecurity and Risk.