A 25-page mitigation guide for the healthcare and public health (HPH) sector has been released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The CISA Healthcare Sector Guide is meant to help tackle widespread cyber threats in the healthcare industry.
The CISA guide is an additional companion to the HPH Cyber Risk Summary, published by CISA on July 19, 2023.
CISA Healthcare Sector Guide
The guide maps CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs) to the 405(d) Health Industry Cybersecurity Practices (HCIP): Managing Threats and Protecting Patients guidance, which was jointly published by the Department of Health and Human Services (HHS) and the Health Sector Coordinating Council (HSCC).
Throughout the Healthcare and Public Health industry, CISA has found flaws and unsafe setups that should be worked upon before threat actors take advantage of them.
Web application vulnerabilities, encryption flaws, unsupported software and Windows operating systems, known exploited vulnerabilities, and insecure services are the most common vulnerabilities in the HPH industry.
These flaws frequently result in data breaches and are frequently used in ransomware, phishing, and denial of service attacks.
The 25-page CISA Healthcare Sector Guide includes cybersecurity best practices and recommendations for asset, identity, and device security management as well as vulnerability, patch, and configuration management. It also outlines three mitigation strategies for strengthening defenses against the most prevalent attack vectors.
Understanding the resources on the company network is essential to cybersecurity. Every asset needs to be understood, along with its functions, relationships, and dependencies, as well as what it exposes, what it runs on software and firmware, and so on.
Healthcare organizations can concentrate on safeguarding all assets, segmenting networks to reduce the possibility of lateral movement, and utilizing firewalls and demilitarized zones (DMZs) to protect assets from illegal access after creating an asset inventory.
The CISA Healthcare Sector Guide also contains suggestions for asset security mitigations, network segmentation, and protecting susceptible and exploitable services.
Effective identity management and device security policies are essential for ensuring that devices and digital accounts are appropriately secured as the Healthcare and Public Health industry continues to shift from on-premises to online systems.
The CISA Healthcare Sector Guide recommends a number of focus areas, such as password regulations, access control, email security and phishing prevention, data protection and loss prevention techniques, and recording and monitoring for illegal access.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
