New cybersecurity guidelines to fight hacking - HealthManagement.org

The guidance document, entitled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, offers practical guidance for addressing what the Council has identified as the “most impactful threats… within the industry.”

This document is a useful material for healthcare business managers faced with ever-increasing cybersecurity risks and the attending risks to patient safety and operational continuity, business reputation, financial stability, and regulatory compliance.

The guidance document leverages the well-known NIST Cybersecurity Framework to address the following threats:

• E-mail phishing attacks • Ransomware attacks • Loss or theft of equipment or data • Insider, accidental, or intentional data loss • Attacks against connected medical devices that affect patient safety

In each of these threat categories, the guidance identifies specific vulnerabilities, explains the impact that can result from each vulnerability, and suggests the best practices that healthcare businesses can implement to mitigate the risks associated with each kind of threats.

What’s more, concrete and practical recommendations are presented in two volumes, one intended for small healthcare businesses and another for medium and large healthcare organisations. Small businesses get a concise 29 pages of easy-to-read advice.

For large organisations that have more information technology personnel and resources, a more fulsome 100-page document has been prepared by the Council. (Both these volumes are available at https://www.phe.gov/Preparedness/planning/405d/Pages/hic-practices.aspx).