CISA, HHS Release Cybersecurity Healthcare Toolkit

CISA and the HHS have released resources for healthcare and public health organizations to improve their security.

The US cybersecurity agency CISA and the Department of Health and Human Services (HHS) on Wednesday released cybersecurity resources for healthcare and public health (HPH) organizations.

These entities rely heavily on digital technologies to store personal and medical information, perform medical procedures, and communicate with patients, which increases their attack surface, but they often face challenges in finding the necessary resources to invest in cybersecurity.

The newly released cybersecurity healthcare toolkit is meant to help organizations at every level build their cybersecurity foundation and implement more advanced tools to improve their defenses.

The toolkit details cyber hygiene steps that both organizations and individuals should take, provides an overview of the threat landscape, documents cybersecurity best practices, and provides a cybersecurity framework implementation guide.

Furthermore, it provides organizations with risk assessment tools and information on recommended tools, such as vulnerability scanning services and CISA’s Known Exploited Vulnerabilities (KEV) catalog.

The toolkit also recommends resources to help organizations strengthen their security stance, prevent ransomware attacks, access free cybersecurity services and tools, and implement incident response plans.

For organizations constrained by resources, the toolkit recommends accessing the State and Local Cybersecurity Grant Program (SLCGP), and free and low-cost services for near-term improvements, and details what organizations in the health sector should expect from technology providers.

“Because cybersecurity is one of many areas where the healthcare and public health sector is facing persistent challenges, CISA and HHS are providing this toolkit filled with remedies to give sector stakeholders a greater ability to proactively assess vulnerabilities and implement solutions,” CISA and HHS note.

The toolkit was released on the same day that CISA and HHS co-hosted a roundtable discussion on the cybersecurity challenges the health sector faces and on how collaboration between the government and the industry can help reduce risks.

“Adversaries see healthcare and public health organizations as high value yet relatively easy targets – or what we call target rich, cyber poor. Given that healthcare organizations have a combination of personally identifiable information, financial information, health records, and countless medical devices, they are essentially a one-stop shop for an adversary,” CISA deputy director Nitin Natarajan said.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

